What you should do after the Marriott data breach

  • By Hamza Shaban,
  • The Washington Post
  • Online Security
  • Online Security
  • Online Security
  • Online Security
  • Online Security
  • Facebook.
  • Twitter.
  • LinkedIn.
  • Google Plus
  • Print

One of the largest hotel chains in the world announced Friday that the personal information of up to 500 million guests may have been stolen after its reservations database was hacked.

Marriott International said that guests who made reservations with its Starwood properties on or before Sept. 10 may have had their information compromised. Among the hotels under the Starwood brand are Sheraton, Westin and St. Regis.

What was stolen?

The database included information tied to as many as 500 million guests, Marriott said. For about 327 million of the guests, hackers had access to names, addresses, phone numbers, email addresses and passport numbers. The hackers could also see loyalty program account information, dates of birth, gender and reservation information.

The hotel said that the database also contained encrypted credit card numbers for some customers and that it can’t rule out that the hackers stole information that could decrypt and reveal those numbers.

For the remaining customers, the information stored in the database included their names and, for some, addresses, email addresses and other information, Marriott said.

What should I do?

If you made a reservation with a Starwood hotel on or before Sept. 10, the information you shared may have been stolen, the hotel said.

Starting Friday, Marriott said it will begin sending emails on a rolling basis to affected guests who have shared their email addresses with Starwood. Marriott has cautioned customers to stay vigilant as they look for this email because malicious actors may try to pose as Marriott.

On an FAQ page, Marriott listed the official email address from which it will send the notification. The hotel said:

When other companies have provided notifications like this, other people used it to try to trick individuals into providing information about themselves through the use of links to fake websites (phishing) or by impersonating someone they trusted (social engineering). Please note that the email you may receive from us will not contain any attachments or request any information from you, and any links will only bring you back to this webpage.

Marriott has also put up a dedicated website and directed customers to a cell center to ask questions.

How do I sign up for fraud monitoring?

Marriott said it is offering customers a fraud monitoring service at no cost for one year. It said WebWatcher monitors websites where personal data is shared and alerts customers if their information is found. People can enroll in WebWatcher through Marriott’s dedicated website.

What happens next?

Marriott has directed customers to monitor their loyalty program, Starwood Preferred Guest, for suspicious activity. Customers should also review their credit card statements and look out for unauthorized purchases, the hotel said.

Marriott said it will not ask customers to provide their password by phone or email and told guests to stay vigilant against phishing attempts in the wake of the data breach.

  • Facebook.
  • Twitter.
  • LinkedIn.
  • Google Plus
  • Print

For more news you can use to help guide your financial life, visit our Insights page.


© 2018 The Washington Post
Votes are submitted voluntarily by individuals and reflect their own opinion of the article's helpfulness. A percentage value for helpfulness will display once a sufficient number of votes have been submitted.
close
Please enter a valid e-mail address
Please enter a valid e-mail address
Important legal information about the e-mail you will be sending. By using this service, you agree to input your real e-mail address and only send it to people you know. It is a violation of law in some jurisdictions to falsely identify yourself in an e-mail. All information you provide will be used by Fidelity solely for the purpose of sending the e-mail on your behalf.The subject line of the e-mail you send will be "Fidelity.com: "

Your e-mail has been sent.
close

Your e-mail has been sent.

You May Also Like...

10 great places to retire abroad

Thinking about retiring abroad? These 10 overseas destinations are ranked highly by multiple websites. Here's an interactive overview of what makes these countries so appealing.

A plan to help older workers who are losing their jobs

New programs that prevent U.S. workers from being pushed out of their jobs before they choose to retire could have widespread benefits.

Top 10 changes to your 2018 tax return

Recent tax law changes could dramatically affect how much you'll pay in taxes — or the size of your refund. In this guide, you'll discover 10 changes that will significantly alter the return you file this spring.