What to do if you're affected by the Marriott data breach

If you've stayed at a Starwood hotel in recent years, there's a good chance you've been impacted by a massiv...

Posted: Dec 1, 2018 8:08 AM
Updated: Dec 1, 2018 8:08 AM

If you've stayed at a Starwood hotel in recent years, there's a good chance you've been impacted by a massive data breach that potentially exposed the personal data of about 500 million guests.

Marriott — which owns Starwood hotels such as the St. Regis and the Westin — on Friday disclosed that the Starwood guest reservation system had been hacked, in a breach dating back to 2014.

Banking, finance and investments

Business, economy and trade

Consumer loans and credit

Credit cards

Personal finance

Digital security

Technology

Companies

Marriott International Incorporated

Crime, law enforcement and corrections

Criminal offenses

Digital crime

Digital privacy

For 327 million people, Marriott says, the exposed information includes names, phone numbers, email addresses, passport numbers and dates of birth. For millions of others, credit card numbers and card expiration dates were potentially compromised. This kind of information could be used to steal your identity and open bank accounts, credit cards or loans in your name.

It's the second biggest corporate data breach in history, behind one involving Yahoo, which said last year that 3 billion accounts among several of its brands were compromised.

Marriott said it will start emailing users who were impacted and it has set up a website with information about the breach.

In the meantime, here's what you can do to protect yourself:

Change your password

Marriott says guests should change their passwords regularly and pick ones that aren't easily guessed. For example, instead of a common phrase, choose a combination of four or more unrelated words with numbers, characters and a mix of upper and lower-case letters.

You should also have different passwords for all the services you use.

"Changing your password will just add one more roadblock to a potential hacker getting into your system," said Aaron Brantly, a cybersecurity expert at Virginia Tech.

Many websites, including social media and financial accounts, offer two-factor authentication for an added layer of security. Even if someone obtains your password, you can't access your accounts without a second piece of information, like a code texted to your phone.

Monitor your accounts for suspicious activity

Marriott recommends customers keep an eye on their Starwood Preferred Guest account for any suspicious activity. Guests should also check their bank, retirement, and brokerage accounts, as well as credit card statements to look for any unauthorized transactions.

Some experts recommend signing up for credit monitoring services or identity theft protection. A more extreme step is putting a freeze on your credit, which blocks anyone from accessing your credit reports without permission.

"Unfortunately, the reality is [these consumers] have to monitor continuously, for generally the rest of their lives," said Brantly. "These types of accounts are sold regularly on the dark web. ... You can usually buy credit card information for a couple dollars per credit card online."

Vivek Lakshman, VP of innovation at cybersecurity firm ThumbSignIn, says consumers can also enroll in services like WebWatcher -- which Marriott is providing for free for a year -- to track their exposure. These sites monitor websites where personal information is shared and alerts consumers if there's evidence of their information is exposed online.

Open a separate credit card for online transactions

Yair Levy, a cybersecurity and information systems expert at Nova Southeastern University, recommends having a credit card dedicated to online shopping. This makes it easier to track transactions and spot fraudulent activity.

If that credit card is compromised, you also won't have to update automatic payments for things like bills.

Limit the information you share

Experts say not to provide information unless it's absolutely required to buy a product or service.

"Consumers should limit what they provide companies based on their need to know. Often, companies gather data that they may not need, but take if volunteered," said Marty Puranik, the CEO of Atlantic.Net, a cloud computing and hosting services provider.

For example, a travel company may ask for passport information, but it may not be required. If it is, you can ask what other forms of identification you can provide instead.

"If you give lower level information, or information that can be changed -- for example, a second credit card to verify your identity -- it is easier to change and protect that then a social security number or passport ID," he said.

But this isn't always possible. If you are traveling internationally, a company like Marriott may require a passport number.

Avoid saving credit card information on websites

Experts recommend minimizing the number of places where you store credit card information. However, this doesn't mean your data will be safe or protected -- it just helps cut down on the risk.

Another option is to use services such as PayPal, Google Pay, or Apple Pay, which let you pay for goods and services without divulging your credit card to the company you're buying from.

Be vigilant

Consumers should work under the assumption cyber criminals already have access to their information as breaches become increasingly common.

"Having a very healthy dose of skepticism moving forward is probably the best way to safeguard yourself in an era where all your information has been divulged, unfortunately," said Brantly.

Experts caution internet users to be wary of "phishing" attempts by bad actors looking to steal your data, including through bogus emails, fake links and fraudulent websites. On its informational website about the hack, Marriott reminded members the company will not ask you to provide your password by phone or email.

"Know you are consistently being exposed [and] consistently under threat -- not necessarily through any fault of your own but accidental disclosures by companies or carelessness by companies. It requires us in the modern era to be vigilant consistently," said Brantly.

Terre Haute
Overcast
48° wxIcon
Hi: 53° Lo: 44°
Feels Like: 45°
Robinson
Overcast
47° wxIcon
Hi: 51° Lo: 42°
Feels Like: 47°
Indianapolis
Overcast
46° wxIcon
Hi: 52° Lo: 45°
Feels Like: 42°
Rockville
Overcast
41° wxIcon
Hi: 53° Lo: 44°
Feels Like: 41°
Casey
Overcast
44° wxIcon
Hi: 50° Lo: 43°
Feels Like: 40°
Brazil
Overcast
48° wxIcon
Hi: 52° Lo: 44°
Feels Like: 45°
Marshall
Overcast
48° wxIcon
Hi: 51° Lo: 43°
Feels Like: 45°
Cloudy night with scattered sprinkles
WTHI Planner
WTHI Temps
WTHI Radar

Latest Video

Image

New named tropical storm

Image

Unreal Nightmare Escapes

Image

Church offers trunk-or-treat

Image

Jeep Junkies Trunk-or-Treat

Image

Riders compete at Griffin Bike Park

Image

College Goal Sunday

Image

Remembering Leeam Pritcher

Image

Bike competition this weekend

Image

Bikes for Tykes Assembly Day

Image

Sunday Morning Forecast Update

WTHI Events

 

Illinois Coronavirus Cases

(Widget updates once daily at 7 p.m. CT)

Confirmed Cases: 374901

Reported Deaths: 9751
CountyConfirmedDeaths
Cook1738175409
DuPage22546607
Lake20485509
Will18179427
Kane16453347
Winnebago10052180
St. Clair7878218
Madison7084154
McHenry6225120
Champaign604829
Unassigned4787270
Peoria448570
McLean410334
Rock Island396090
Sangamon389663
Kankakee336680
Macon296951
Kendall263030
Tazewell259456
LaSalle237863
DeKalb231742
Coles189639
Williamson185759
Adams183819
Boone183025
Clinton173326
Vermilion169710
Jackson152426
Whiteside138725
Knox127216
Randolph124915
Ogle11857
Effingham11594
Marion99119
Grundy9607
Franklin9529
Stephenson9497
Monroe90329
Bureau89517
Jefferson89348
Morgan89024
Henry8427
Christian81129
Macoupin78410
Union78425
McDonough73920
Lee7051
Fayette67422
Douglas6559
Shelby65312
Crawford6446
Livingston62610
Montgomery60916
Woodford59614
Logan5894
Saline5559
Fulton4981
Warren4938
Iroquois48919
Bond4889
Jo Daviess4867
Wayne48112
Jersey47021
Cass46011
Perry43016
Moultrie4084
Carroll40111
Johnson3460
Richland33316
Lawrence3328
Pike3326
Hancock3094
Clark30717
Clay30713
Washington3012
Mason3001
Greene28715
Cumberland2816
White2644
Jasper26110
De Witt2556
Mercer2526
Piatt2440
Pulaski2351
Wabash2205
Ford19112
Menard1821
Massac1542
Edgar15310
Marshall1503
Henderson1280
Alexander1201
Hamilton1172
Brown1070
Edwards1070
Gallatin1062
Scott1020
Schuyler911
Putnam900
Stark853
Calhoun670
Hardin530
Pope421
Out of IL80

Indiana Coronavirus Cases

(Widget updates once daily at 8 p.m. ET)

Confirmed Cases: 160454

Reported Deaths: 4118
CountyConfirmedDeaths
Marion25691791
Lake14023358
St. Joseph9399165
Elkhart9026137
Allen8424230
Hamilton6293114
Vanderburgh601161
Tippecanoe383615
Hendricks3337133
Porter332350
Monroe330338
Johnson3207129
Delaware303474
Clark300763
Vigo268740
Madison244996
LaPorte231760
Cass226922
Warrick199565
Kosciusko193727
Floyd183968
Howard167066
Bartholomew145358
Dubois142726
Marshall142726
Wayne135331
Grant129739
Henry129730
Boone126950
Hancock122344
Noble119135
Jackson116417
Dearborn100028
Morgan97440
Lawrence94037
Gibson91512
Daviess90234
Clinton88916
Shelby87231
LaGrange82115
Knox79510
Harrison78324
Putnam75616
Posey7556
DeKalb74511
Fayette73218
Jasper6435
Miami6425
Steuben6408
Montgomery60422
White59915
Greene55838
Scott53413
Decatur51739
Adams5107
Whitley4696
Ripley4668
Clay4567
Sullivan45214
Wells44211
Starke4328
Wabash4329
Huntington4215
Orange41725
Spencer4046
Washington3843
Franklin37925
Jennings37313
Randolph37210
Fulton3714
Jefferson3455
Pike34018
Perry33314
Carroll33213
Jay3256
Fountain3193
Tipton28023
Vermillion2601
Parke2464
Blackford2313
Newton23011
Rush2254
Owen2101
Martin2010
Crawford1601
Pulaski1602
Brown1463
Ohio1317
Union1120
Benton1090
Switzerland960
Warren891
Unassigned0236