As you have probably heard the Marriott’s Starwood reservation database has been hacked. 500 million people have had their names, email addresses, mailing addresses, passport numbers, date of birth, and financial records illegally accessed. For now, an investigation is underway, but early indications allegedly implicate a nation-state hacking group.
No matter who was behind the attack, if you were affected you are going to need to ensure that you have protected yourself. The Marriott’s website states that:
"If you made a reservation on or before September 10, 2018 at a Starwood property, information you provided may have been involved.”
Here is a checklist of everything you should do if you believe you may have been affected:
Check to see if you are affected
The first thing to do is check to see if you have received an email from the Marriott. Marriott is sending out batches of emails to all affected customers. In addition, you can contact the Marriott’s call center or check its breach notification website to check whether your personal data is affected. You can also find out what data was affected.
Cancel your card and order a new one
If you are certain you were affected and you are concerned that your credit or debit card details might have been stolen and sold on the dark web; contact your bank at once, cancel the card, and order a new one. Also check previous statements to ensure that there has been no activity that you need to report to the bank and the police.
Sign up to WebWatcher
If you gain confirmation that you have been affected - or have reasonable suspicions to believe that you might have been affected - you can enroll in the identity monitoring service WebWatcher for one year. The Marriott is offering the service free to all affected customers.
Web Watcher permits customers to receive alerts if their information appears online (including the deep web). It also provides expense reimbursements caused by fraud or identify theft, and unlimited consultation with identity theft specialists. WebWatcher services can be accessed by customers in the US, Canada, and the UK.
Navigate to this page to take advantage of the service
Change your password
If you have stayed at any of the following SPG hotels or resorts (Starwood Preferred Guest/Starwood Hotels and Resorts Worldwide, LLC) in the last four years you are advised to go ahead and update your password. You can also sign up for the free monitoring with WebWatcher.
St. Regis
The Luxury Collection
W Hotels
Sheraton
Westin
Le Meridien
Tribute Portfolio
Design Hotels
Four Points
Aloft
Element
Update your passport number
Unfortunately, there are many ways for criminals to exploit passport numbers. These include tracking people’s movements, making counterfeit passports, and committing fraud. For this reason, citizens should strongly consider renewing their passport. US citizens can apply by mail or in person at an approved State Department facility. If your passport is relatively new, you will need to include a letter with the application that explains the reason for the change.