On Friday, Marriott revealed a data breach that exposed the personal and financial information of up to 500 million guests.

The breach affects customers who made reservations at any of the Starwood properties between 2015 and September 30th 2018. These hotels include:

  • Aloft Hotels
  • Element Hotels
  • Four Points by Sheraton
  • Le Méridien Hotels and Resorts
  • The Luxury Collection
  • Sheraton Hotels and Resorts
  • St Regis
  • Tribute Portfolio
  • W Hotels
  • Westin Hotels and Resorts

Hotels with a Marriott name were not affected, as they use a different booking system.


Marriott are contacting affected customers, but it may take time for you to receive the relevant email. You should also be aware that criminals might use this time to contact you with a phishing email – more advice on that below.

If you think you could have been affected by the breach, you should –

1. Check your bank statements and credit card statements. Look for any unexplained activity and contact your bank immediately if you find anything.

2. Order new bank cards.

3. Update your login details and change your password to something secure and unique.

4. Check your Starwood Preferred Guest account for suspicious activity. If you notice anything, contact customer services to report it.

5. Be aware of phishing emails and phone calls – including those from Marriott or Starwood. 

Time is reporting that ‘Marriott said breach notification emails would only come from the address “starwoodhotels@email-marriott.com,” and that those emails would not contain attachments or requests for personal information, including passwords.’

If in doubt, copy a phrase that does not include personal information and run a Google search, using double quotation marks to make sure Google searches the exact phrase. More information on how to deal with phone calls below.

6. Consider signing up for credit monitoring services. Read up on what is offered and work out if these are appropriate for you. Some people find them very useful, though Equifax was hit by a massive data breach in recent years. Marriott has reportedly arranged for affected customers to get a year’s free subscription to WebWatcher – definitely research this more before signing up.
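The sender and attachment criteria quoted in step 5 can be checked mechanically against a saved message. The Python below is an added example, not code from Marriott, Time or the NCSC; the `Authentication-Results` DMARC check is an extra assumption (a From header on its own can be forged), and the sample messages and `example.test` names are constructed.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# The only sender address Marriott said it would use (as quoted by Time).
EXPECTED_SENDER = "starwoodhotels@email-marriott.com"

def check_notice(raw_message):
    """Return the reasons a message fails the stated criteria ([] = none)."""
    msg = message_from_string(raw_message, policy=policy.default)
    problems = []
    # Compare the real address; the display name can say anything.
    _, addr = parseaddr(str(msg.get("From", "")))
    if addr.lower() != EXPECTED_SENDER:
        problems.append(f"unexpected sender: {addr or 'missing'}")
    # Assumption: your own mail provider records its DMARC verdict in
    # Authentication-Results. A From header on its own is easy to forge.
    if "dmarc=pass" not in str(msg.get("Authentication-Results", "")).lower():
        problems.append("no DMARC pass recorded")
    # Marriott said genuine notices carry no attachments.
    if next(msg.iter_attachments(), None) is not None:
        problems.append("has an attachment")
    return problems

def sample(sender, auth, attach=False):
    """Build a constructed test message (not a real Marriott email)."""
    m = EmailMessage()
    m["From"] = sender
    m["Authentication-Results"] = auth
    m.set_content("Notice about the Starwood guest reservation database.")
    if attach:
        m.add_attachment(b"%PDF-", maintype="application",
                         subtype="pdf", filename="claim-form.pdf")
    return m.as_string()

if __name__ == "__main__":
    ok = "mx.example.test; dmarc=pass header.from=email-marriott.com"
    bad = "mx.example.test; dmarc=fail header.from=email-marriott.com"
    cases = [
        ("Starwood Hotels <starwoodhotels@email-marriott.com>", ok, False),
        ("Marriott <starwoodhotels@email-marriott.com.example.test>", ok, False),
        ("starwoodhotels@email-marriott.com", bad, True),
    ]
    for sender, auth, attach in cases:
        print(sender, "->", check_notice(sample(sender, auth, attach)) or "passes")
```

A message that passes these checks can still be malicious if it asks for passwords or other personal information, which Marriott said its notices would not do.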

NCSC advice

The UK’s National Cyber Security Centre offers the following information and advice:

  • NCSC advice for Marriott customers is now available here.
  • Marriott has published their latest information here.
  • If a member of the public thinks they have been a victim of cyber crime or cyber-enabled fraud, they should use Action Fraud’s online fraud reporting tool any time of the day or night, or call 0300 123 2040.
  • If you have been told that your personal details, such as your password, may have been accessed, you should ensure those details are not used on any other accounts
  • Victims of cyber crime should be vigilant against suspicious phone calls or targeted emails

NCSC advice on phone calls

  • If you do receive a phone call that is suspicious – for example, one that asks you for security information – do not divulge any information, and hang up. 
  • Pick up the phone and make sure there is a dial tone to ensure the caller is not still on the line. 
  • Contact the organisation that the caller claimed to be from – never using the details they provided during the call.

NCSC advice on targeted emails 

  • Fraudsters can use the data they’ve acquired to make their phishing messages look much more credible, including using real names and statements such as: ‘To show this is not a phishing email, we have included the month of your birth and the last 3 digits of your phone number’.
  • These phishing messages may not relate to the organisation that has been breached, and may use more well-known brands. The NCSC has guidance on protecting yourself from phishing.
  • Usually, if you are the target of a phishing message, your real name will not be used. However, if fraudsters do have your name, people will need to be extra vigilant around any message that purports to be from an organisation they deal with – especially when there are attachments or links which take people to sites asking for more personal information.
