Marriott Data Breach: What You Need to Know

Last week, Marriott International revealed that it suffered a breach of its Starwood reservation database. The breach exposed the personal information of up to 500 million people.

The breach began back in 2014 and anyone who stayed at any of Marriott’s Starwood properties (i.e. W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton, Starwood timeshares and Design Hotels that participate in the Starwood Preferred Guest (SPG) program) on or before September 10, 2018 may have had their information exposed.

Hackers accessed people’s names, credit card information, addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, Starwood loyalty program account information, and reservation information.

Two massive multi-billion dollar class-action lawsuits have already been filed against the company. Meanwhile, the nature of the breach raises some serious questions — mainly how did the breach go undiscovered and unreported for more than four years?

Following last year’s massive data breach at the credit reporting agency Equifax, VPIRG joined other consumer and privacy advocates in pushing through a number of reforms to better protect Vermonters from these breaches and give them better recourse when they do occur. However, there’s much more than can be done.

We don’t have all the details of this breach yet – but it suggests that improvements to our data breach notification laws and an expansion of security standards for companies that maintain sensitive personal information is needed. VPIRG will be advocating for these types of reforms in the upcoming session, along with other improvement to bolster the security of Vermonters’ personal information.

In the meantime, here are some important steps you should take if you think you may have been impacted by the Marriott data breach (h/t U.S. PIRG and the FTC for some of these tips):

  • Protect yourself from fraudsters opening new accounts in your name by getting credit freezes at all three nationwide credit bureaus Equifax, Experian, and TransUnion. Credit freezes are the best way to prevent someone from opening a new account in your name, and thanks to a law VPIRG helped pass last year these freezes are now free. VPIRG will be advocating to a change in the law that allows you to place a freeze at just one bureau and have it automatically apply at the others, simplifying the process for consumers.

  • Place a fraud alert on your credit files. Credit freezes are the best tool to prevent fraudulent activities in your name, but a fraud alert is another useful tool to monitor potential suspicious activity. These alerts are also free and stay on your credit file for one year. During that time, creditors are notified that you may be an identity theft victim and they should verify the identity of anyone seeking credit in your name.
  • Monitor your credit for suspicious activity with a free credit report by visiting annualcreditreport.com. You’re entitled to one free credit report per year from each of the nationwide credit bureaus, meaning you can check your credit for any suspicious activity every four months. Use the website above to safely receive this report.
  • Avoid tax refund fraud by filing your taxes as soon as possible, before thieves do. Also, if you qualify, get an Identity Protection (IP) PIN.
  • Avoid Social Security benefits fraud by signing up for your “my Social Security” (MySSA) account before thieves claim it and change your direct deposit info to route into their checking accounts.
  • Be wary of phishing scams. Ignore unsolicited requests for information by email, links, phone calls, pop-up windows or text messages. Marriott will notify its affected customers about its breach by email (starwoodhotels@email-marriott.com) and has said it will not ask for personal information or include attachments.