In a massive data breach, Marriott says that the personal information of over 500 million guests has potentially been exposed.
So you find yourself swept up in potentially one of the largest data breaches in history – among as many as 500 million Starwood Hotel customers whose personal data may have been accessed. What do you do now?
Cybersecurity and online fraud experts stress vigilance to protect your identity and other accounts from being attacked.
“The potential damage cannot be understated,” said Paige Boshell, a privacy and cybersecurity attorney with Privacy Counsel in Birmingham, Alabama. “This type of information may be retained and used over and over again for years.”
Among the potentially-accessed data belonging to customers who made reservations at Starwood hotels, Marriott says as many as 327 million customers’ data includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
More: Marriott says as many as 500 million Starwood guests data may have been breached
Also, for some Starwood guests, the data may also include payment card numbers and payment card expiration dates, but the payment card numbers were encrypted, Marriott says.
Marriott says the breach does not involve reservations made at Marriott hotels, as those are maintained on a separate reservation system on a different network. Starwood Hotels include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties are also included.
More : Exclusive: Apple Music is coming to Amazon Echo speakers week of Dec. 17
More: LA Auto Show: 16 cup holders? 7 USB ports? Inside the family SUV frenzy
More: Cautious millennials are getting worse deals on loans and credit cards
Marriott has begun emailing guests whose email addresses are in the database. The company says it will provide free of charge online account monitoring software WebWatcher to guests for one year. The service reimburses fraud loss of up to $1 million. U.S. customers who use it will also get fraud consultation services and reimbursement coverage for free.
To enroll in WebWatcher and get additional information about the breach, customers can go to info.starwoodhotels.com.
“Consumers should also recognize that the effects of this breach are likely to affect other online accounts they possess including online banking, healthcare information, workplace data and social media accounts,” said Aman Khanna, vice president of products at Mountain View, California-based security firm ThumbSignIn.
Other steps consumers should take to bolster security:
•Contact any credit card company that you might have a card on file with Starwood or Marriott, even expired or closed ones, Boshell says, to flag the card accounts and change card numbers.
•In the wake of data breaches, consumers should be wary of third parties attempting to gather information by deception, so-called “phishing” attempts, including through links to fake websites.
Current phishing attempts involve sending a personalized email, claiming to have compromised all your personal data and your password is “xxx” where xxx is the compromised password, “preying on your vulnerability to believe that,” said Marty Puranik, a cybersecurity expert and CEO of Atlantic.Net, a cloud hosting company headquartered in Orlando, Florida.
“So be aware that if someone attempts to take advantage of you, because they have some of your data they will not necessarily have much,” he said. Even though the compromised passwords in this case may be encrypted, password crackers can usually break easy ones, he says.
•If you think you may be the victim of identity theft – or your personal data has been misused – immediately contact law enforcement and the Federal Trade Commission. On the FTC’s site, it recommends consumers get a free, one-year fraud alert from one of three credit bureaus – Equifax, Experian, or TransUnion.
“Annual credit reports and credit freezes are free,” Boshell said. “Freezes enable the consumer to review each application of credit made in his or her name and stop fraud as it is happening.”
•If you think your passport number is involved, treat your passport as if it were stolen and contact the State Department to replace it with a new number.
•Change your password. Do not use easily guessed passwords or the same passwords for multiple accounts. (FYI: Marriott says it will not ask you to provide your password by phone or email.) And on any online account that offers it, you should set up two-factor authentication, which sends a text message to your phone number with a verification code when you log into an app or site.
“This is one of the simplest and most effective ways to secure accounts and most banks and healthcare institutions offer this protection for free,” Khanna said.
•Review your credit card statements for unauthorized activity and immediately report any to your bank.
•Monitor your Starwood Preferred Guest account for suspicious activity.
•Protect your children’s identity, too. “Children identity theft has risen rapidly,” Boshell said. “If you have stored your children’s date of birth or passport number with Starwood or Marriott, consider taking all of the above steps for them as well. It is always a good idea to monitor your children’s credit anyway as identity theft often goes undetected until the child is old enough to apply for credit, housing or employment.”
•Contact your state attorney general’s office as well for additional tips and to make sure that any enforcement action they take considers your case.
•You can also contact the Federal Bureau of Investigation if any of the data potentially stolen was for professional travel and involves a business, non-profit, or other group. “The FBI will likely be monitoring these developments, may have insights not yet public, and can benefit from your input in investigating this crime,” Boshell said.
Follow USA TODAY reporter Mike Snider on Twitter: @MikeSnider.
Read or Share this story: https://www.usatoday.com/story/money/business/2018/11/30/marriotts-starwood-customers-protect-identity-after-breach/2160236002/