If you've stayed at a Starwood Hotel since 2014, you may be one of 500 million customers whose personal data was stolen in a data breach. Marriott, which owns Starwood Hotels, says the breach was discovered on September 10, 2018, but that hackers could have had access as far back as 2014.
What was stolen
Hackers breached a database containing guest information, which could include the guest name, email address, arrival and departure information, Starwood rewards information, mailing address, phone number, date of birth, gender and passport number. It's possible that encrypted credit card information (and the means to decrypt it) was also stolen.
Who is impacted
Your data may have been stolen if you made a reservation at a Starwood Hotels property in the last four years. Starwood Hotels brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest (SPG) program. Starwood branded timeshare properties are also included. Marriott is saying that its own network of hotels does not appear to be affected.
Today, Marriott began sending emails to those guests who were affected and whose email addresses are in the Starwood guest database. Keep in mind that it takes time to send half a billion emails, so you may not get your email immediately. Time is reporting that breach notification emails are only being sent from "firstname.lastname@example.org" and that they would not include attachments or request personal information, including passwords. If you're unsure of the origin of an email, check out our guide: How to Tell if an Email has Been Spoofed.
What you should do
- Monitor your credit card and bank statements for suspicious activity.
- Be extra careful when opening emails. Data stolen from the breach could be sold and used in phishing scams to try to trick you into giving hackers other valuable information.
- Change your password for your Marriott accounts. And If you've ever used your Marriott accounts passwords as the password to login to any other site or service, change those account passwords. Follow our tips for creating a strong password or use a password manager to help make the process of creating and managing multiple passwords easy.
- If you think you were affected, Marriot is offering a year of WebWatcher for free (yes, the URL redirects to answers.kroll.com). WebWatcher alerts you when your personal information is being shared. Registering also entitles you to free fraud consultation services and reimbursement coverage, should you lose money due to the breach.
- If you have questions, Marriott has established a dedicated call center (877.273.9481) and email support address (email@example.com).
[Image credit: data breach concept via BigStockPhoto]