Late last week, Marriott International announced they experienced a "data security incident" involving their Starwood guest reservation database. Their investigation showed that there had been unauthorized access to the database, which contained information on up to approximately 500 million guests who've made reservations at a Starwood property.*
In what may be one of the most massive security breaches to date, approximately 327 million of these guests also had details including their names, mailing addresses, phone numbers, email addresses, passport numbers, reservation dates, and communication preferences exposed. For some, encrypted payment card numbers and expiration dates were exposed. Moreover, the unauthorized access to the Starwood network had been occurring since 2014 until Marriott was alerted by an internal security tool in September 2018. Anyone who has made a reservation at a Starwood property on or before September 10, 2018 could be affected.
Here's what the Federal Trade Commission has to say about this breach.
How Marriott Responded to the Breach
Marriott has attempted to contain the breach and is conducting an investigation with security experts to learn how and why the breach occurred so that guest information is not compromised again in the future. The FBI, other law enforcement, and federal regulators have been contacted and are also investigating.
As for guests who've made reservations through the Starwood guest reservation database and who provided an email, they're being contacted on a rolling basis by Marriott via email so they can be informed of the breach. (Side note: security experts have pointed out that Marriott hasn't handled their email outreach securely. Read more here.) The company has established a dedicated call center where potential data breach victims can ask questions about the incident by phoning 877-273-9481. Marriott is also offering access to a free monitoring service called WebWatcher, which is available to anyone who believes their personal information has been compromised in the breach. Keep in mind that this service is only available to Marriott's guests who reside in the U.S., Canada, the U.K. and several other countries, but not all countries impacted by the breach.
Top Precautions to Take Now
Whether or not you were affected by the Marriott data breach, there are precautions you can take now to monitor and protect your identity:
- If you made reservations at a Starwood property prior to September 10, 2018, let Marriott know. You can call 877-273-9481 or visit their informational website at https://answers.kroll.com to learn more as additional details about the breach are released to the public.
- Check your credit report. “We suggest that our members take the opportunity to review their credit reports regularly,” said David Sprague, President and CEO of Hanscom Federal Credit Union. “We offer our members a free credit score and report review, which we strongly recommend that they take advantage of. Members can get more information about and schedule this review by visiting hfcu.org/score.”
- Monitor your credit card statements. Look for any unauthorized charges, regardless of how small they are. It is easy to overlook a small charge from a retailer that you frequent, but it is important to cross-check each transaction.
- Stay on top of your bank accounts. Set a time each day to review your accounts. The transactions of the past day will still be fresh in your mind. Make it easy by signing up for Online Access and adding the Hanscom FCU app to your smartphone.
- Set up Hanscom Federal Credit Union account alerts. When using Online Access, you will see Alerts and Security options. Take time to set up alerts to notify you if your account hits a specified balance, there is a transaction on your account, your security alert preferences are changed, a new user is created, the forgot password process is completed, or a new computer browser is identified. Learn more here.
- Add a fraud alert to your credit file. This type of alert warns credit issuers that your personal data might have been stolen so that all efforts will be used to verify your identity before opening credit in your name. An Initial Alert lasts 90 to 180 days. An Extended Alert can last seven years. Get details about setting up credit report fraud alerts here. Keep in mind that this will only draw caution if someone tries to open a new account in your name. It will not protect you from unauthorized use of existing accounts.
- File your 2018 tax return early. Scammers may try to use your Social Security number to claim a tax refund. Beat them to it by filing your return promptly.
- Keep informed. Follow the Hanscom Federal Credit Union blog, media page, Twitter and Facebook for financial tips, security advice and news you need to protect your money and your identity.
*W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties are also included.
Others are reading: