Marriott International announced Friday that personal information for up to 500 million of its guests may have been accessed as part of a breach to its Starwood guest reservation database. If you’ve stayed at a Marriott hotel in the past few years, this probably means you.
Marriott says that it first received an alert of the breach in September from an internal security tool, but later realised that there has been unauthorised access of the chain’s database since 2014, and that unauthorised party had also copied and encrypted information.
Through the breach, hackers may have gained access to information including a guest’s name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences, NBC News reports.
So, pretty much all your personal information except for your credit card info, which the chain says may have been acquired for some customers as well. Yay!
If you’ve stayed in a Marriott hotel over the past four years, then there’s a good chance your info was part of the breach. Marriott is emailing people today whom it thinks were impacted. If that’s you, here’s what to do:
Change Your Password
As with most breaches, a good way to kick things off is to change the password for your account. If you’re using the same password for other services, you’ll want to change your other passwords as well.
And as a general rule going forward, make sure you’re using a unique password for every service you use. While using the same password may make things easier, if a hacker gets your password to one account you’re essentially handing over the keys to your accounts on other services as well.
Protect yourself by using a different password everywhere. Even better, use a password manager to create and store super unique passwords for you.
Sign Up For WebWatcher
Marriott has set up a website for people impacted by the breach to get information. As part of that, it’s created a dedicated call center you can call with questions about the breach (that number is 877-273-9481 in the United States).
The chain is also offering guests the opportunity to enroll in WebWatcher for free for one year. That site monitors places on the web where people’s personal information often pops up after a breach, and then notifies you if your info makes an appearance. That service is available for Marriott guests in the United States, Canada, and the U.K. Marriott says that guests from the United States who complete the WebWatcher enrollment process will also be provided fraud consultation services and reimbursement coverage for free.
The website “Have I Been Pwnd” is also a good place to check for this info.
Watch Your Credit
After every breach like this, people recommend checking your credit report. For what its worth, I recommend setting up an alert on your credit report that you keep active all the time, not just when something like this goes down.
Most credit cards offer some sort of credit score monitoring service these days, and you’ll receive a notification whenever something new happens. It’s a good idea to stay on top of any changes to your report all the time, not just when you think there might be an issue.
And if you’re not planning on opening up any new loans or credit cards anytime soon, you may just want to freeze your credit altogether.
Assess the Potential Damage
On a high level, an easy first step is to visit the FTC’s IdentityTheft.gov site for recommendations on creating a “personal recovery plan” specific to the information that might have been compromised in this specific breach.
Overall, doing all this is going to be pretty time-consuming and annoying, but at the end of the day you’ll be happy you took the initiative to protect yourself.