500 Million Users Exposed by Marriott

2018 has been the year of the hack. The problem, so was 2017, 2016, and so on… Marriott International has announced that they have had what could be the second largest data leak in history. They are saying that they are responsible for a data breach that leaked some 500 million records over a five-year span.

The hotel chain, which includes all St. Regis, Westin, Sheraton, and W Hotel properties, were all managed by Marriott International’s Starwood reservation system. This system has been compromised since 2014, the multinational hotel conglomerate announced at the end of November. This gave hackers five years to cherry pick names, phone numbers, email addresses, passport numbers, dates of birth, and arrival and departure information for nearly 327 million people. In some cases, credit card numbers and expiration dates were compromised.

Even though it has been a rough few years for corporations of all types, this breach is larger than the 2017 breach of Equifax and only smaller than the 2013 breach of Yahoo that affected some three billion users. Unlike those other companies, Marriott International came clean right as they found out instead of sitting on the information like Equifax and Yahoo did.

How Can You Protect Yourself?
Marriott began rolling out the notification emails to impacted customers on the Friday after the hack was discovered and has established a call center and notification website that has been updated frequently (last entry was December 22). The company seems to be operating with the assumption that every Starwood’s customer has been impacted in some way. Additionally, the company is offering enrollment in the identity monitoring service WebWatcher for one year to anyone that thinks he/she may have been impacted. This service will alert you if your likeness is found online, including on the dark web. To protect yourself further, you’ll want to:

Following these four best practices will go a long way toward protecting yourself against further damage. If you have been the victim of a data breach in the past, you know that you need to be diligent about ensuring your personal information is protected.

For more information about the best practices to keep your data and information safe, return to our blog regularly.