Fact Checked

What to do if you were affected by the Marriott data breach

Businessman using cell phone at hotel front desk Image: Businessman using cell phone at hotel front desk

Editorial Note: Credit Karma receives compensation from third-party advertisers, but that doesn’t affect our editors’ opinions. Our marketing partners don’t review, approve or endorse our editorial content. It’s accurate to the best of our knowledge when posted. Availability of products, features and discounts may vary by state or territory. Read our Editorial Guidelines to learn more about our team.
Advertiser Disclosure

We think it's important for you to understand how we make money. It's pretty simple, actually. The offers for financial products you see on our platform come from companies who pay us. The money we make helps us give you access to free credit scores and reports and helps us create our other great tools and educational materials.

Compensation may factor into how and where products appear on our platform (and in what order). But since we generally make money when you find an offer you like and get, we try to show you offers we think are a good match for you. That's why we provide features like your Approval Odds and savings estimates.

Of course, the offers on our platform don't represent all financial products out there, but our goal is to show you as many great options as we can.

Marriott International announced last week that it had been hit by a massive data breach — exposing the private information of about 500 million guests.

According to Marriott, hackers have had unauthorized access to its Starwood guest reservation system since 2014, giving the attackers a view into sensitive data of up to 500 million people who booked a stay at a Starwood property.

For about 327 million guests, the exposed information includes some combination of their name, mailing address, email, date of birth, phone number, gender, certain travel information, communication preference and passport numbers. For some, the information also includes credit card numbers.

The hotel giant said Friday that it would begin emailing alerts to affected guests whose emails are in the Starwood guest reservation database. If you’ve received the email, or if you’ve stayed at a Starwood property in the past and are worried about your information, here are some steps you should consider taking to help protect yourself.

What can you do?

Explore Marriott’s resources

Marriott has set up a dedicated website to provide information about the breach. It also established a call center open seven days a week to field questions from concerned guests. Phone numbers for the call center are available at the link above.

You can use these resources to get answers to your biggest questions about what happened. The company also said it would provide free one-year access to WebWatcher, a tool that monitors internet sites that commonly share personal information and alerts you if it finds evidence that your information is on the site.

Change your passwords

Even if you’re not sure whether you were affected by this particular breach, it’s probably wise to go ahead and change your passwords on the Starwood and Marriott websites — and anywhere else you used the same email and password combination. When changing your passwords, make sure they’re strong and hard to guess. For example, use a mix of letters, numbers, cases and symbols. Avoid using the same password across multiple sites.

Worried you’ll have trouble remembering your various passwords? Try using a password manager to keep track of them.

Set up multifactor authentication

Unfortunately, having a strong password won’t cut it if the site doesn’t store it securely. For an added layer of protection, consider enabling two-factor authentication on any site or account that offers it.

Typically, this will involve entering in a code sent to you via a separate channel (think your email or phone number). This extra step requires you or anyone else trying to log in to your accounts to have more than just a username and password.

Freeze your credit, then set up fraud alerts

If you’re worried that your information may have been compromised in the Marriott data breach, you can ask the three major consumer credit bureaus — TransUnion, Experian and Equifax — to freeze or place a fraud alert on your credit reports.

Freezing your credit is free and makes it more difficult for fraudsters to open new financial accounts in your name. A credit freeze restricts access to your credit report.

Alternatively, you may want to consider a fraud alert, which gives potential lenders and creditors a heads-up that someone may try to fraudulently open an account or a new line of credit in your name.

You can also sign up for free credit monitoring with Credit Karma. We’ll notify you if we notice significant changes on your TransUnion® or Equifax® credit reports so you can check for suspicious activity.