On Friday, Marriott revealed a data breach that exposed the personal and financial information of up to 500 million guests.
— Bloomberg (@business) November 30, 2018
The breach affects customers who made reservations at any of the Starwood properties between 2015 and September 30th 2018. These hotels include:
- Aloft Hotels
- Element Hotels
- Four Points by Sheraton
- Le Méridien Hotels and Resorts
- The Luxury Collection
- Sheraton Hotels and Resorts
- St Regis
- Tribute Portfolio
- W Hotels
- Westin Hotels and Resorts
Hotels with a Marriott name were not affected, as they use a different booking system.
Marriott are contacting affected customers, but it may take time for you to receive the relevant email. You should also be aware that criminals might use this time to contact you with a phishing email – more advice on that below.
If you think you could have been affected by the breach, you should:
1. Check your bank statements and credit card statements. Look for any unexplained activity and contact your bank immediately if you find anything.
2. Order new bank cards.
3. Update your login details and change your password to something secure and unique.
4. Check your Starwood Preferred Guest account for suspicious activity. If you notice anything, contact customer services to report it.
5. Be aware of phishing emails and phone calls – including those from Marriott or Starwood.
Time is reporting that ‘Marriott said breach notification emails would only come from the address “firstname.lastname@example.org,” and that those emails would not contain attachments or requests for personal information, including passwords.’
If in doubt, copy a phrase that does not include personal information and run a Google search, using double quotation marks to make sure Google searches the exact phrase. More information on how to deal with phone calls below.
6. Consider signing up for credit monitoring services. Read up on what is offered and work out if these are appropriate for you. Some people find them very useful, though Equifax was hit by a massive data breach in recent years. Marriott has reportedly arranged for affected customers to get a year’s free subscription to WebWatcher – definitely research this more before signing up.
- NCSC advice for Marriott customers is now available here.
- Marriott has published their latest information here.
- If a member of the public thinks they have been a victim of cyber crime or cyber-enabled fraud, they should use Action Fraud’s online fraud reporting tool any time of the day or night, or call 0300 123 2040.
- If you have been told that your personal details, such as your password, may have been accessed, you should ensure those details are not used on any other accounts.
- Victims of cyber crime should be vigilant against suspicious phone calls or targeted emails.
NCSC advice on phone calls
- If you do receive a phone call that is suspicious – for example, one that asks you for security information – do not divulge any information, and hang up.
- Pick up the phone and make sure there is a dial tone to ensure the caller is not still on the line.
- Contact the organisation that the caller claimed to be from – never using the details they provided during the call.
NCSC advice on targeted emails
- Fraudsters can use the data they’ve acquired to make their phishing messages look much more credible, including using real names and statements such as: ‘To show this is not a phishing email, we have included the month of your birth and the last 3 digits of your phone number’.
- These phishing messages may not relate to the organisation that has been breached, and may use more well-known brands. The NCSC has guidance on protecting yourself from phishing.
- Usually, if you are the target of a phishing message, your real name will not be used. However, if fraudsters do have your name, people will need to be extra vigilant around any message that purports to be from an organisation they deal with – especially when there are attachments or links which take people to sites asking for more personal information.
STARWOOD SECURITY BREACH:
1) Change your password on app
2) Activate two-step authentication (on any app that offers option)
4) Monitor credit cards for fraud #RossenReports
— Jeff Rossen (@jeffrossen) November 30, 2018
Here’s how to protect yourself after Marriott’s Starwood data breach. https://t.co/PljHStHQad
— CNBC (@CNBC) November 30, 2018
Marriott discloses 4-year breach involving the theft of personal and financial data on 500 million guests at its Starwood properties. No word yet whether this was an extension of the 2014-2015 breach at Starwood prior to its acquisition by Marriott https://t.co/cy9DqE1m8n pic.twitter.com/PKZI8sawfE
— briankrebs (@briankrebs) November 30, 2018
Marriott says Starwood guest reservation has been hacked:
– Data on 500 million guests potentially exposed
– Breach includes passport numbers, emails and mailing addresses
– Shares of Marriott slump in pre-market trading https://t.co/0NaAPPuLMf
— Bloomberg (@business) November 30, 2018
Breaking: Starwood Hotels says 500 million guest records stolen in massive data breach, affecting W Hotels, St. Regis, Sheraton, Westin, and more. https://t.co/JOzO27aKEF
— Zack Whittaker (@zackwhittaker) November 30, 2018
BREAKING: Marriott announces massive Starwood guest reservation database hack; says believes it contains info on up to approx. 500,000,000 guests, and the company “understands the importance of protecting personal information.” https://t.co/NXVI73v33k
— NBC News (@NBCNews) November 30, 2018