If you travel regularly for business and are among the 500 million customers potentially affected by the Marriott data breach, there are some actions you may want to take.
On November 30, 2018, Marriott announced the data of up to 500 million of its customers might’ve been compromised.
If you stayed at a Starwood-branded hotel from 2014 to September 10, 2018, and you are part of the almost half a billion people, this is what the Marriott data breach impacted.
A combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. This was the case for around 327 million guests.
There was another set of data limited to name and sometimes other data such as mailing address, email address, or other information (no specification as to what the other information is).
For some of the other guests, the above information along with payment card numbers and payment card expiration dates were also exposed. However, the company says this data was encrypted using Advanced Encryption Standard (AES-128).
But this point could be moot because the two components required for decrypting the payment card numbers could have been taken, this according to Marriott.
The Starwood Brand of Hotels
You might’ve stayed at one of the Starwood brands of hotels and not know it is part of the Marriott data breach.
Here are all of the brands:
- Westin
- Sheraton
- The Luxury Collection
- Four Points by Sheraton
- W Hotels
- St. Regis
- Le Méridien
- Aloft
- Element
- Tribute Portfolio
- Design Hotels
It also includes Starwood branded timeshare properties.
What Actions Should You Take?
According to Malwarebytes Labs:
- Change your password for any compromised accounts (Starwood Preferred Guest Rewards Program) with multi-factor authentication. Even if cybercriminals steal your login credentials, multi-factor authentication requires them to have at least one other authentication mechanism such as your phone.
- Look for any suspicious activity by monitoring your credit card and bank accounts. By law, you get a free credit report from each of the three major credit bureaus. You can go to annualcreditreport.com and get it.
- Consider freezing your credit because it will make it that much harder to open up a line of credit under your name. You can stop the freeze at any time but you will have to contact each credit bureau individually.
- Be very careful when you open your emails. Cybercriminals know Marriott is going to be contacting customers to address the issue, so this is a great time to send out phishing emails. The email will look like it is from Marriott, which will include a logo and similar looking email account. If you are not sure where the email is coming from, do not open it. In addition to phishing attacks, you may also introduce malware into your system.
Company Action
Marriott has established a dedicated website (info.starwoodhotels.com) and a call center to answer questions for its customers. The call center is open 24/7 and it is available in multiple languages.
The company is also sending out emails to the affected customers along with a free year’s subscription to an identity-theft protection service.
The email will only come from this address: [email protected].
The company said it will not request any personal information and the email will not contain any attachments.
As mention above this is a very important point to take note of because cybercriminals will use this time to launch phishing attacks with similar email addresses to request information.
Photo via Shutterstock