A Data Breach Hits Marriott: Customers Must Change Passwords NOW

marriot hotels data breach

Data breaches seem to have been all the rage recently. Such business giants as Amazon, Yahoo, Ticketmaster, Equifax, and others have all reported data breaches this year. And now we have the newest victim on the line: Marriott International. Marriott International is an American hospitality company that manages hotels and lodging facilities. Anyone who has ever stayed at a hotel knows that they collect such personal information as names, addresses, and even passport numbers. Therefore, it is clear that the data breach reported by the largest hotel chain in the world is bound to affect millions. In this blog post, we will talk more about the incident and what the users affected by the data breach should do to protect their information.

How Did the Marriott Data Breach Occur

Marriott reported the data breach on Friday, November 30th. The report claimed that an “unauthorized party” managed to access personal information of around 500 million Starwood customers. Starwood happens to be one of the Marriott subsidiaries. The data that was exposed included such sensitive information as passwords, email addresses, departure and arrival dates, and even passport numbers. The company suggested that the malevolent third party tried to remove the said data, but it didn't say explicitly whether the attempt was successful.

It was hard to say who was responsible for this shocking breach at the time. However, almost two weeks later, there are U.S. government investigators who believe that it was very likely the Chinese state hackers were behind the attack. Of course, the investigation is far from over yet, so it is hard to draw definite conclusions. Nevertheless, it wouldn't be too surprising because Chinese hackers have previously been held responsible for data breaches at Anthem and CareFirst. In the meantime, the FBI declined to comment on this claim.

Let's say the data breach was really performed by Chinese hackers. What do they actually gain from this? Since Marriott's Starwood is a big hotel chain, the stolen data could be used to build dossiers and monitor diplomats, military personnel, journalists, and other individuals who are deemed to have important information.

In the meantime, Marriott only repeated their previous stance on the data breach on December 11th, saying that their primary objective is to help their clients and that they do not have information about the criminals behind the attack.

Marriott International Sued for Data Exposure

It is probably a good idea that Marriott's main objective is the satisfaction of their clients because it is clear that not everyone is happy about what happened. For example, almost immediately after the data breach was reported, two men from Oregon sued Marriott International, and another lawsuit was filed in Maryland soon enough.

Keeping in mind that 500 million users were affected by this data breach, if the lawsuits aren't dropped, Marriott might end up paying billions of dollars in compensation. For example, both of the lawsuits mentioned above seek class-action status. Although we don't know about the number of damages specified in the Maryland suit, the Oregon lawsuit expects $12.5 billion in costs and losses. And that amounts for around half of Marriot International's annual revenue. On the other hand, while it is clear that users affected by the data breach must be compensated for the losses; there is another side of this issue, too. The point is that there are also certain points the users themselves can do to protect their data.

What Can You Do to Protect Your Personal Data

The first thing you have to do is reset your Marriott password and login. You can do that by opening the Change Password form, which you can find at the Marriott's website. The process is self-explanatory. You have to enter your email address, then your current password, and repeat the new password twice. Once you click the Submit button, you will reset your Marriot password and login.

If you find it challenging to come up with a new password on the spot, you can make use of Cyclonis Password Manager. This tool can help you generate new and strong passwords or check the current password strength. By strong passwords, we mean passwords that consist of lower case and upper case letters, numerals, and special characters. These passwords also have to be relatively long because then it is harder to crack them. What's more, you can also use this password manager to store your passwords, so you do not need to remember them!

Aside from resetting the Marriott password and login, there are also several other things you might want to pay attention to. For instance, you should be careful about the emails you open. In the light of the data breach, you are bound to receive an email from Marriott, but there might also be an onslaught of spam messages that try to impersonate the company. Thus, to avoid malicious phishing attacks, you need to be attentive about the messages you open.

Next, you might want to consider freezing your credit. This stops criminals from opening a new credit line unless you lift the freeze. To do that, you need to contact your credit company. Credit freezes are useful when there is a possibility that someone might have gotten ahold of your personally identifiable information (which is the case in the Marriott's data breach). By freezing your credit, you would prevent a third party from applying for a credit card, loans, and mortgages by using your personal information.

Also, it's not a bad idea to employ a third-party service for online monitoring. For example, Starwood usually gives a free annual trial for WebWatcher to all of its guests. This monitoring tool looks out for personal information going up for sale on black markets online. Although the efficiency of this service hasn't been proven yet, the general consensus is that it wouldn't hurt to employ something like that.

All in all, it is very unfortunate that data breaches like the one Marriott International experienced happen in the first place. Companies and individual users can try to employ a variety of security measures to prevent such attacks, but one has to realize that in the face of experienced hackers these measures might not be absolutely fail-proof.

December 27, 2018