Another major data breach has compromised the personal information of up to 500 million people. Guests of Marriott International's Starwood Hotels—which includes hotel brands like Sheraton, Westin, W, Aloft, and St. Regis—who made reservations on or before September 10, 2018 are at risk, according to The Washington Post.
Marriott says that because the Starwood leak dates back all the way to 2014 (before Marriott International's acquisition of the company in 2016), the full extent of the breach isn't yet clear. However, we do know that the data that hackers were able to access from the Starwood Hotels reservation system involved more than just your preference for a queen- or king-sized bed.
The leak included names, addresses, phone numbers, email addresses, passport numbers, birthdays, gender, loyalty program account info, and reservation info, including arrival and departure dates. Though the credit card information on file was encrypted, the hotel chain can't guarantee that the hackers aren't able to decrypt those customers' card numbers and expiration dates. Roughly 327 million guests were involved with the wide-ranging leak, while a lesser number only had their names, addresses, email addresses, and some other limited information shared with hackers.
According to the MIT Technology Review, it's one of the biggest data thefts ever. So what are current and former Starwood guests supposed to do?
Beware of Phishing.
If you have stayed at one of Marriott's Starwood brands (and there are a lot of them), be on the lookout for an email from Marriott notifying you that your data might have been stolen. If you do receive an email, make sure that it's not a phishing attempt by someone looking to capitalize on the situation. Legitimate emails will come from starwoodhotels@email-marriott.com. "Please note that the email you may receive from us will not contain any attachments or request any information from you, and any links will only bring you back to this webpage," the Marriott page explaining the incident warns. (The company won't ask for your password or other information over the phone, either.)
Sign Up for Fraud Monitoring.
To help customers whose data was stolen, Marriott is offering a free year of fraud monitoring from WebWatcher. The program monitors sites where your personal information may be shared and alerts you if your data pops up. It offers reimbursement for legal costs and expenses associated with identity theft and access to a fraud specialist who can help you through the process of monitoring and protecting your data.
Watch Your Accounts.
Marriott is also encouraging guests to monitor their Starwood Preferred Guest loyalty accounts, change their passwords (use a password manager and two-factor authentication), be careful of phishing attempts, and, if they think their identity has been stolen, contact law enforcement.
Sign Up for Credit Alerts.
To be really safe, you may also want to place a credit alert with the major credit bureaus, which will make it harder for someone to open new accounts and lines of credit in your name.