Marriott International announced last week that it had been hit by a massive data breach — exposing the private information of about 500 million guests.
According to Marriott, hackers have had unauthorized access to its Starwood guest reservation system since 2014, giving the attackers a view into sensitive data of up to 500 million people who booked a stay at a Starwood property.
For about 327 million guests, the exposed information includes some combination of their name, mailing address, email, date of birth, phone number, gender, certain travel information, communication preference and passport numbers. For some, the information also includes credit card numbers.
The hotel giant said Friday that it would begin emailing alerts to affected guests whose emails are in the Starwood guest reservation database. If you’ve received the email, or if you’ve stayed at a Starwood property in the past and are worried about your information, here are some steps you should consider taking to help protect yourself.
What can you do?
Explore Marriott’s resources
Marriott has set up a dedicated website to provide information about the breach. It also established a call center open seven days a week to field questions from concerned guests. Phone numbers for the call center are available at the link above.
You can use these resources to get answers to your biggest questions about what happened. The company also said it would provide free one-year access to WebWatcher, a tool that monitors internet sites that commonly share personal information and alerts you if it finds evidence that your information is on the site.
Change your passwords
Even if you’re not sure whether you were affected by this particular breach, it’s probably wise to go ahead and change your passwords on the Starwood and Marriott websites — and anywhere else you used the same email and password combination. When changing your passwords, make sure they’re strong and hard to guess. For example, use a mix of letters, numbers, cases and symbols. Avoid using the same password across multiple sites.
Worried you’ll have trouble remembering your various passwords? Try using a password manager to keep track of them.
Set up multifactor authentication
Unfortunately, having a strong password won’t cut it if the site doesn’t store it securely. For an added layer of protection, consider enabling two-factor authentication on any site or account that offers it.
Typically, this will involve entering in a code sent to you via a separate channel (think your email or phone number). This extra step requires you or anyone else trying to log in to your accounts to have more than just a username and password.
Freeze your credit, then set up fraud alerts
If you’re worried that your information may have been compromised in the Marriott data breach, you can ask the three major consumer credit bureaus — TransUnion, Experian and Equifax — to freeze or place a fraud alert on your credit reports.
Freezing your credit is free and makes it more difficult for fraudsters to open new financial accounts in your name. A credit freeze restricts access to your credit report.
Alternatively, you may want to consider a fraud alert, which gives potential lenders and creditors a heads-up that someone may try to fraudulently open an account or a new line of credit in your name.
You can also sign up for free credit monitoring with Credit Karma. We’ll notify you if we notice significant changes on your TransUnion® or Equifax® credit reports so you can check for suspicious activity.