You’ve likely heard about the massive data hack that Marriott Hotels was on the wrong end of recently. Though an official announcement from the hotel chain came late last week, reports indicate that this data breach – one of the largest in history affecting up to 500 million customers – was likely years in the making. In fact, experts believe that the breach initially originated within Starwood Hotels’ operations, and then proceeded to go undetected when Marriott purchased the company back in 2014.
What’s resulted is the compromising of e-mail addresses, credit card numbers, mailing addresses, names, and perhaps worst of all, passport numbers. The who, what and why of how a breach of this magnitude was left to go undetected for so long will likely continue to play out in the coming days, weeks and months. However, for those who are concerned that their data may be compromised, the time is now to take action. Here’s everything we know (so far) about the breach, and what you should do if you believe you may have been affected:
Were You Affected?
While the breach involves Marriott-owned hotels, the hacking only applies to those that previously were owned under the Starwood brand. So if you stayed at a Marriott recently, you’re OK. But if you stayed at a W Hotel, St. Regis, Sheraton hotel, Westin hotel, Element hotel, Aloft hotel, Luxury Collection, Tribute, Le Meridien, Four Points, Design – or any other hotel that participates in Starwood’s rewards program – you may have been affected.
What You Should Do
Aside from the obvious of checking your accounts for signs of fraudulent activity and changing your online account passwords, there are a number of other things that you can do to safeguard your information. Many of these steps are consistent with how you should react should your data be compromised in any type of data breach, but they’re certainly worth revisiting:
Credit monitoring: As part of Marriott’s crisis management strategy, it’s offering all guests a complimentary one-year subscription to WebWatcher, a monitoring service that analyzes websites where valuable information is shared and alerts consumers when suspicious activity is detected. Be sure to sign up for this service, even if it’s just for the year you get it for free.
Credit freeze: If you’re really concerned about identity theft, the best thing you can do is freeze your credit. This essentially will prevent any new credit from being issued to your name without your direct knowledge and permission. You’ll have to contact the three major credit bureaus (Experian, Equifax, TransUnion) to enact the freeze, and then you’ll need to circle back around to the trio an “un-freeze” your credit when you want to take out a loan.
Check your rewards: Aside from your financial accounts, be sure to watch over your Starwood Preferred rewards account, as hackers may attempt to cash in your earned points toward stays or travels of their own. Contact Marriott if this has happened to you.
Apply for a new passport: It’s one thing to lose a passport, it’s another thing to have your passport data stolen right out from underneath you while you’re still in possession of it. The latter is one unique challenge that affected Marriott customers may have to contend with, especially international travelers. In the wrong hands, stolen passport numbers could be forged onto new passports by wrongdoers. If you’re worried about your passport, contact the State Department. Reporting your passport as either “lost” or “stolen” will essentially mark it as invalid, resulting in a good-news, bad-news situation. The good news is that any thief won’t be able to use it and impersonate you. The bad news is you’ll have to get a new one (complete with a new number), and this may take anywhere from 4-6 weeks to arrive. Not to mention you’re likely on the hook for the fees associated with it.
While the Marriott data breach is the latest to make headlines, it’s certain not to be the last. It’s why we recommend getting to know the tips and tactics above to safeguard confidential data that may have been swiped. Even if you don’t need to address such issues this time, you may have to take action the next time it happens.