Marriott has just announced that its online booking system for its Starwood properties suffered one of the biggest data breaches to date, with up to 500 million users’ information compromised as far back as 2014, including names, contact information, passport numbers and dates of birth for some 327 million users of the booking system and, potentially, credit card information. Marriott says that it can’t yet rule out the possibility the information necessary to decrypt stored credit card information was also accessed.
For comparison, the Equifax data breach affected about 143 million people.
The hotel industry may be particularly vulnerable to data breaches, according to Hospitality Technology, an industry publication, in an article from last year.
In the course of just a couple months at the end of 2015, Starwood, before it merged with Marriott this year, along with two other hotel chains announced they had been affected by malware attacks on their point of sale systems, a different type of data attack.
Now, Marriott has set up an information page and call center for customers who may have been affected and will be emailing affected customers. Marriott has also offered affected customers access to the WebWatcher service, which alerts users if their personal information is found online and provides some fraud loss assistance.
With more and more digitally-connected businesses and consumers, digital purse theft, as it were, is a growing concern all online shoppers must be aware of and prepared for.
Consumer reporters can help audiences identify the risks of data breaches, how to prevent and monitor for identity theft, and what do to if it happens.
What can happen when your personal information is accessed without authorization? It could be used for identity theft and fraud, including opening credit cards or utility accounts in your name. It can also be used in phishing attacks, when people use your information to pretend to be you and get things out of people, like money or more personal information.
Avoiding identity theft is all about protecting your data. For online shopping, the best way to protect information is to only use sites you trust, use secure connections, and watch your passwords. Don’t use the same password for multiple online accounts, select complex passwords, and change them regularly. Unfortunately, much of the onus rests on the businesses collecting your information. There are laws and regulations meant to protect data businesses collect, but breaches are still possible.
In this case, it is probably not necessary to cancel your credit cards, but it is always important to check credit card reports and regular bills for suspicious activity, not just after breaches but continually. Checking credit reports regularly, and being prepared to freeze your credit, is important to check for signs of identity theft.
What can you do if you believe your personal information has been used for identity theft or fraud? Document and report right away to your credit card company or your bank, your state consumer agency, and the Federal Trade Commission. Depending on the type of fraud, there are other steps that could also be necessary to protect your credit.
Data breaches are a reminder to businesses to improve their data protection processes and to consumers to be vigilant about protecting personal information and monitoring your data.
Money Matters personal finance contentNational Endowment for Financial Education