The Marriott Starwood Data Breach: What Happened & Tips to Prevent Identity Theft

Marriott Hotel
Credit Report Issues, Identity Theft No Comments

Marriott International experienced a breach of its Starwood guest reservation database that exposed the personal information of up to 500 million people. This incident is considered one of the largest data breaches in the hotel industry. If your information was exposed in the Marriott Starwood data breach, or you suspect it was exposed, learn what to do to and how to avoid being a victim of identity theft.

What Happened During the Starwood Data Breach?

In an announcement made on November 30, 2018, Marriott received an internal security alert that there was an attempt to access the Starwood guest reservation database on September 8, 2018. Marriott immediately launched an investigation, and it soon discovered that there had been unauthorized access to the Starwood network since 2014.

The Starwood data breach included a guest reservation database that held information for up to approximately 500 million guests who made Starwood property reservations on or before September 10, 2018. Hackers had access to information such as people’s names, addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, Starwood loyalty account information, and reservation information.

For some, the stolen information included payment card numbers and expiration dates. This information was encrypted, but Marriott was not sure if the hackers were able to steal the decryption methods.

In an update made on January 4, 2018, the Marriott data breach included approximately 8.6 million encrypted payment card numbers, approximately 5.25 million unencrypted passport numbers and approximately 20.3 million encrypted passport numbers.

Are You a Victim of the Starwood Data Breach?

Only reservations for Starwood properties were involved in the breach. The affected guest reservation database was only used for Starwood reservations. Reservations made at Marriott properties are held in a separate system on a different network. If you made a reservation at a Starwood property on or before September 10, 2018, your information may be included in the Starwood data breach.

Marriott International, Inc. acquired Starwood Hotels & Resorts Worldwide in August 2018, thus creating the largest hotel company in the world. While Starwood Hotels & Resorts Worldwide is now a subsidiary of Marriott International, only Starwood properties were involved in the breach.

Starwood brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Meridien Hotels & Resorts, Four Points by Sheraton, and Design Hotels that participate in the Starwood Preferred Guest (SPG) program. Starwood branded timeshare properties are also included.

Data Breaches in the Hotel Industry

The Starwood data breach is just one of the recent data breaches in the hotel industry, but it is being considered the largest. Other hotel breaches in 2017 and 2018 include Radisson Hotel Group, Hilton, Hyatt Hotels Corporation and Sabre Hospitality Solutions.

Can My Identity Be Stolen With My Passport Number?

The U.S. Department of State confirms that its records and IT systems do not connect to those of outside companies, such as the Marriott and Starwood guest reservation databases. No one can access or obtain copies of a U.S. citizen’s records with just a passport number.

If you have a physically lost or stolen passport, identity theft may occur. With a stolen passport, an identity thief has personally identifiable information, like your full name, date of birth and photo, in one place. It is critical to immediately report a lost or stolen passport to lessen the impact of identity theft.

Only report a passport as lost or stolen if the physical passport book or card is lost or stolen; don’t report a stolen passport number. The U.S. Department of State does recommend making a report for a stolen passport number. If you report a passport as lost or stolen, it will be considered invalid and you won’t be permitted for international travel.

If your passport number was stolen, you may apply to renew your passport. You will need to turn in the initial passport, which you’ll receive back; it’s a good idea to hang onto your old passport to prove your U.S. citizenship. Your new passport will have a new number that is different from the stolen passport number.

No one can travel internationally using only a U.S. passport number. You must present an original and physical passport when entering a foreign country and when returning to the United States.

Cost of a Data Breach – Tips to Prevent Identity Theft

With the right amount of information, an identity thief can ruin your credit. They can:

  • take out loans in your name
  • go on spending sprees using your payment card information
  • open a new credit card or account
  • change information on your credit card account

Steps to Take After the Recent Data Breach

If your information was compromised during the Marriott data breach, there are a few steps you can take to protect yourself from the misuse of your personal information. Marriott International set up an informational website, as well as a call center that can be reached at 877-273-9481, to further address guests’ concerns.

Marriott is also offering a complimentary enrollment in WebWatcher for one year to its guests in certain countries. WebWatcher monitors internet sites where personal information is shared and will alert consumers if evidence of personal information is found.

How to Avoid Being a Victim of Identity Theft

  • Check your credit reports and confirm that the accounts listed are yours. You can get a free copy of your credit report every 12 months. Any unfamiliar activity can be a sign of identity theft.
  • Review your payment card statements carefully. Confirm that all charges are made by you. If you find fraudulent charges, contact your credit card company or bank right away. Report the fraud and request a new payment card number.
  • Place a fraud alert on your credit files and financial accounts. A fraud alert warns creditors that you may be a victim of identity theft. When someone seeks credit in your name, the creditor will take extra steps to verify that it really is you. The fraud alert is free and will last for a year.
  • Place a free credit freeze on your credit reports. When your credit file is frozen, lenders and other companies cannot view your credit. A consumer cannot open new accounts while his or her file is frozen.
  • Change passwords to all your private accounts, including email and online financial profiles. Make it a phrase that is hard to guess and that no one else knows.
  • Sign up for a credit- or identity-monitoring service. If your information was compromised in the Starwood data breach, Marriott is offering one year of complimentary identity monitoring through WebWatcher.
  • Be wary of credit repair scams following a data breach. Scammers will see that consumers’ credit has been impacted in the data breach, and they will offer fraudulent repair services.

If there are unfamiliar accounts or other mistakes on your credit report, you have the right to dispute this information and have it removed from your credit report. The Fair Credit Reporting Act gives credit reporting agencies 30 days to look into the dispute and correct the error. If your dispute is ignored or unresolved after 30 days, you have the right to sue the credit bureau.

Additionally, a debt collector may contact you about a loan in your name that you did not actually take out. The Fair Debt Collection Practices Act gives you the right to request a validation check on the debt to prove it is really yours. If debt collectors contact you during the validation period, or continue to contact you after you dispute, you have the right to sue.

If your information was involved in the Marriott Starwood data breach, it’s time to jump into action. The consumer protection attorneys at Francis Mailman Soumilas, P.C. are here to help you. The aftermath of a data breach can be devastating, and you shouldn’t have to fight alone. File a case review now to get free legal help, or call 1-877-735-8600 now.