Tech Made Simple

Hot Topics: Enter Our Apple HomePod Mini Giveaway | How to Fix Bluetooth Pairing Problems | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Marriott Confirms 500 Million Starwood Accounts Breached: What You Should Do

by Suzanne Kantra on November 30, 2018

If you've stayed at a Starwood Hotel since 2014, you may be one of 500 million customers whose personal data was stolen in a data breach. Marriott, which owns Starwood Hotels, says the breach was discovered on September 10, 2018, but that hackers could have had access as far back as 2014. 

What was stolen

Hackers breached a database containing guest information, which could include the guest name, email address, arrival and departure information, Starwood rewards information, mailing address, phone number, date of birth, gender and passport number. It's possible that encrypted credit card information (and the means to decrypt it) was also stolen.  

Who is impacted

Your data may have been stolen if you made a reservation at a Starwood Hotels property in the last four years. Starwood Hotels brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest (SPG) program. Starwood branded timeshare properties are also included. Marriott is saying that its own network of hotels does not appear to be affected. 

Today, Marriott began sending emails to those guests who were affected and whose email addresses are in the Starwood guest database. Keep in mind that it takes time to send half a billion emails, so you may not get your email immediately. Time is reporting that breach notification emails are only being sent from "starwoodhotels@email-marriott.com" and that they would not include attachments or request personal information, including passwords. If you're unsure of the origin of an email, check out our guide: How to Tell if an Email has Been Spoofed.

What you should do

  • Monitor your credit card and bank statements for suspicious activity.
  • Be extra careful when opening emails. Data stolen from the breach could be sold and used in phishing scams to try to trick you into giving hackers other valuable information. 
  • Change your password for your Marriott accounts. And If you've ever used your Marriott accounts passwords as the password to login to any other site or service, change those account passwords. Follow our tips for creating a strong password or use a password manager to help make the process of creating and managing multiple passwords easy.
  • If you think you were affected, Marriot is offering a year of WebWatcher for free. WebWatcher alerts you when your personal information is being shared. Registering also entitles you to free fraud consultation services and reimbursement coverage, should you lose money due to the breach. 
  • If you have questions, Marriott has established a dedicated call center (877.273.9481) and email support address (incidentsupport@kroll.com).

[Image credit: data breach concept via BigStockPhoto]


Topics

Privacy, News, Travel & Entertainment, Travel, Blog


Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.