500 Million Marriott Guests’ Data May Have Been Compromised in the Largest Reported Data Breach since the Yahoo Breach
November 30, 2018
Marriott International, the world’s largest hotel chain, confirmed that up to 500 million guests’ information may have been breached when hackers accessed its Starwood guest reservation database. The hotel chain doesn’t believe its own reservation system was affected since it’s on a different network. Marriott was first alerted in September of this year, but the hackers had had unauthorized access to its system since 2014. This breach could potentially be one of the largest in history, behind the hacking of about 3 billion Yahoo accounts.
For about 327 million guests, their names, phone numbers, mailing addresses, email addresses, passport numbers, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation dates, and communication preferences were exposed. For millions of others, credit card numbers and card expiration dates were potentially compromised. At this time, Marriott can’t confirm whether the hackers have been able to decrypt the encrypted credit card information they took.
The hotel chain has reported the hack to law enforcement and begun informing customers of the breach, including in the U.S., Canada, and the U.K. Marriott will also provide online identity monitoring to guests, free of charge for one year. This service reimburses fraud loss, or out-of-pocket expenses related to the fraud, of up to $1 million. U.S. customers who use it will also get fraud consultation services and reimbursement coverage.
Marriott-owned Starwood is the largest hotel chain in the world, with more than 11 brands covering 1,200 properties. Its brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties are also included in the chains that may be affected in this breach.
Safety Measures & Proactive Monitoring are Key
Despite the frequency of data breaches or consumer fatigue regarding these incidents, it’s more important than ever for consumers to be vigilant in protecting themselves against identity fraud. Even if your customers or employees aren’t part of this massive data breach, we know that the future holds many breaches yet to come, so the time to act is now. Share the following data breach safety measures with your customers and employees to help reduce their risk:
- Make monitoring activity on your financial and credit card accounts part of your routine.
- Set up two-factor authentication where available for extra security.
- Rethink the information you’re sharing online (specifically social media). With so much information leaked in breaches, hackers are able to piece together compromised information with the information you publicly share to create a holistic picture of your identity.
- Always use strong and unique passwords, and don’t reuse passwords across multiple platforms (this allows hackers to access multiple accounts when just one is breached).
- Be on the lookout for any phishing emails. In the aftermath of any data breach, it’s common for those affected to receive an influx of phishing emails supposedly from the organization breached or other trusted service providers. Phishing emails are a common way fraudsters can get even more personal data from you.
- Sign up for an identity protection service that includes credit and identity monitoring if you haven’t already. Just be aware that not all monitoring services will protect you equally, so make sure you find a service with powerful monitoring capabilities and 24/7 full-service resolution assistance, should you ever find yourself the victim of fraud.
Comprehensive identity monitoring services should utilize automated monitoring AND human threat intelligence for their internet (surface, deep and dark web) surveillance and compromised credential monitoring. The monitoring should also include alerts so that if a customer’s information is detected, they can quickly assess it and work with resolution experts to minimize any impact.
Some recommended information to monitor includes:
- Login credentials for online accounts
- Social Security number
- Email addresses
- Date of birth
- Debit/credit card numbers
- Bank account numbers
- Insurance card/policy number
- Driver’s license number
- Loyalty card numbers
- Affinity card numbers
- Passport number
To learn more about protecting your customers’ and employees’ data with Generali Global Assistance identity and digital protection, request a demo.