Close

Alert! Marriott Under Attack: 500 Million Data Breach

Posted on in Service Solutions, Cybersecurity, Business Operations

If you've stayed at a Starwood hotel in recent years, there's a good chance you've been impacted by a massive data breach that potentially exposed the personal data of about 500 million guests. You can expect a raft of phishing attacks that try to exploit this data breach, either by using just scare tactics, or by using actual data from the breach itself to make it look as real as possible.

What happened? 

Marriott — which owns Starwood hotels on Friday disclosed that the Starwood guest reservation system had been hacked, in a breach dating back to 2014.

For 327 million people, Marriott says, the exposed information includes names, phone numbers, email addresses, passport numbers and dates of birth. For millions of others, credit card numbers and card expiration dates were potentially compromised. This kind of information could be used to steal your identity and open bank accounts, credit cards or loans in your name.

The hotel chain said it has reported the hack to law enforcement.  Marriott said it will begin emailing guests affected by the breach and has created an informational website. There's also a call center that's been set up.

How did this happen?

Marriott said hackers had gained "unauthorized access" to the Starwood reservation system since 2014, but the company only identified the issue last week.

"The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it," Marriott said in a statement.

Why you should care?

Consumers should work under the assumption cyber criminals already have access to their information as breaches become increasingly common. Having a very healthy dose of skepticism moving forward is probably the best way to safeguard yourself in an era where all your information has been divulged.

You can expect a raft of phishing attacks that try to exploit this data breach, either by using just scare tactics, or by using actual data from the breach itself to make it look as real as possible.

What you should do?

  1. Signup for monitoring service.The company is providing guests a free 1 year membership to WebWatcher, a personal information monitoring service.
  2. Monitor your loyalty accounts for suspicious activity, change account passwords and check credit card statements for unauthorized activity.
  3.  Avoid saving credit information on websites.Experts recommend minimizing the number of places where you store credit card information. However, this doesn't mean your data will be safe or protected -- it just helps cut down on the risk.
  4. Another option is to use services such as PayPal, Google Pay, or Apple Pay, which let you pay for goods and services without divulging your credit card to the company you're buying from.
  5.  Be vigilant: most likely your data is in the hands of hackers and if it isn’t, it most likely will be in the next couple years.
  6.  Experts caution internet users to be wary of "phishing" attempts by bad actors looking to steal your data, including through bogus emails, fake links and fraudulent websites and using either scare tactics, or by using actual data from the breach itself to make it look as real as possible.

*Strengthen your network security by training your employees to be another line of defense.  We are offering 50% off VGM’s cyber awareness training videos when you purchase an annual subscription.  Contact me in 2018 and get started protecting your business.

Contact me at 319-874-4797 or by email at [email protected].

Carol Albaugh is a security professional with VGM specializing in technology and security services for businesses in the health care industry