Breach Brief – Marriott Starwood

Published On November 30, 2018 | By Tom Huskerson | Breach Briefs

Marriott Hotel chain announced a massive data breach involving 500 million customers worldwide. According to company officials for the past four years an unauthorized party had access to credit card numbers and expiration dates, passport numbers and birth dates of Marriott Starwood customers. 

A data breach of this size is considered record breaking for both its size and the duration that hackers had access. Most data breaches last only about 90 to 200 days before discovery. This breach dates back to 2014 and was only discovered in September. Last year’s Equifax data breach was a fraction of the Marriott breach hitting only 145 million people. Though the company announced the breach today internal security measures signaled a potential breach in early September. However the company could not decrypt the data defining what information had been exposed until last week.

Marriott purchased the Starwood Chain in 2016 and it appears only those hotels were affected. The chain includes The W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury CollectionLe Méridien and Four Points. Starwood’s timeshare properties were also included in the breach. None of the Marriott chains are believed affected.

Exposure of such combined vital information such as passport numbers and birthdates makes identity theft much easier. However, passports are usually used in person and employ a bevy of security measures to prevent counterfeiting. 

To their credit Marriott has reacted quickly to the breach. According to Marriott’s data breach website there is a dedicated call center for customers who need additional information and Marriott will be notifying affected customers via email.  Marriott Call Center Numbers for the U.S and Canada are 877-273-9481. For numbers to other countries please visit the Marriott website. Customers can also email Marriott at incidentsupport@kroll.com. Marriott is also offering enrollment  in WebWatcher service free for a year. The WebWatcher service monitors criminal websites for stolen or compromised personal information. The service is not available for all countries.

Marriott also offered the following tips to protect its customers from fraud and identity theft.

  • Monitor your SPG account for any suspicious activity.
  • Change your password regularly. Do not use easily guessed passwords.
  • Do not use the same passwords for multiple accounts.
  • Review your payment card account statements for unauthorized activity and immediately report unauthorized activity to the bank that issued your card.
  • Be vigilant against third parties attempting to gather information by deception (commonly known as “phishing”), including through links to fake websites.
  • Marriott will not ask you to provide your password by phone or email.
  • If you believe you are the victim of identity theft or your personal data has been misused, you should immediately contact your national data protection authority or local law enforcement.

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. He attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has returned to focus on writing both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle. Most recently Tom has launched the blog African American Cyber Report. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Leave a Reply

Your email address will not be published. Required fields are marked *