Marriott suffers breach of 500M guest records. Here’s how to protect yourself

The data of as many as 500 million travelers could have been compromised in a breach of Marriott’s Starwood Preferred Guest (SPG) database. Marriott says an internal security tool recently alerted the company to the breach, but an investigation showed the unauthorized access began in 2014. The breach only includes the Starwood Preferred Guest loyalty program — guests who booked at a Marriott-owned property from another booking platform were not affected.

Marriott estimates as many as 500 million guests may have had data compromised by the breach, though the company hasn’t yet completed the investigation. For some guests, Marriott says payment card numbers and expiration dates were compromised. That payment data was encrypted, Marriott says, but the investigation hasn’t yet determined if the components needed to decrypt the data were also compromised.

Around 327 million guests had non-payment-related data compromised, which can include their name, mailing address, phone number, email address, passport number, SPG account data, birth date, and gender, along with details like arrivals and departures, reservation dates, and communication preferences. Other guests had more limited data compromised, such as name, email, and mailing address, the company says.

“We deeply regret this incident happened,” Arne Sorenson, Marriott’s president and chief executive officer, said in a press release.  “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

The breach affected accounts using the SPG platform between 2014 and September 10, 2018. Marriott says affected guests will begin receiving email notifications as of today. The company is also offering a dedicated website and call center for affected users, as well as a free year of WebWatcher. The breach was also reported to law enforcement agencies.

“Today, Marriott is reaffirming our commitment to our guests around the world,” Sorenson said. “ We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”

The SPG breech joins other recent data hacks inside the travel industry, including those affecting Orbitz, British Airways, and Cathay Pacific.

What can you do to protect yourself?

This incident is particularly severe because it includes the possible loss of payment card numbers, expiration dates, and other payment data. This data was encrypted, but that doesn’t mean it’s safe. Even the loss of address and phone number information is significant, since it can be used to help criminals defraud victims.

Vivek Lakshman, vice president of Innovation at biometric security company ThumbSignIn, sees reason for concern. “This is huge in its depth of knowledge about the customer and the reach of millions of customers,” he said. “If the information reaches the dark web, as it happens with other breaches, it can get to other hackers and can have cascading impact on consumer accounts.”

If you’ve stayed at Marriott lately, or are otherwise worried that your data was compromised, you can protect yourself using the usual methods. According to Lakshman, that includes changing your passwords, enabling two-factor authentication, and signing up for the Webwatcher service that Marriott has offered. You can take an even more extreme, and effective, step by freezing your credit. This will prevent criminals from using the compromised information to open new lines of credit in your name.

What will the consequences be for Marriott? That’s hard to say. Lakshman told Digital Trends that “apart from massive loss of customer trust, there are likely government fines for Marriott.” Yet he seemed skeptical that these fines will be substantial, adding that “[…] with the rate of breaches happening, even this will pass and be forgotten from consumer memory in a few years.”

Updated November 30, 2018: Added comment from Vivek Lakshman and additional information on how victims can safeguard themselves.

Features

Where Toronto sees smart sidewalks, residents see ‘1984.’ So what now?

Google-parent Alphabet is partnering with Toronto to develop a new, smart neighborhood, but some are concerned about privacy and the company’s motives. Could residents derail the project?
Deals

Brew, drip, or press a fresh cup of joe with today’s best deals on coffee makers

To kick off the day with a fresh cup or upgrade your home coffee machine to accommodate the preferences of dinner guests, check these hot deals for drip coffee makers, espresso machines, and single-serving devices on Walmart and Amazon.
Computing

Supermicro investigation: no spy chips found on our motherboards

Supermicro announced the results of an investigation into the controversy surrounding its motherboards. The investigation was launched in response to reports that alleged the motherboards were compromised with malicious hardware.
Smart Home

Ring Alarm vs. Nest Secure: Which one is right for you?

Thanks to the advance of technology, it's become really easy nowadays to secure your home and protect it from thieves, intruders, and unwanted guests. Which one of these two top contenders is right for you?
Computing

Google+ continues to sink with a second massive data breach. Abandon ship now

Google+ was scheduled to shut its doors in August 2019, but the second security breach in only a few months has caused the company to move its plan forward a few months. It might be a good idea to delete your account sooner than later.
Home Theater

AT&T’s new three-tiered streaming service will include movies, possibly HBO

AT&T has laid out new details for its planned streaming service that's set to launch in 2019. It will include three different price tiers, and will feature movies, original programming, and content from its acquisition of Time Warner.
Social Media

Ride the rails and share your stories with Amtrak’s new social media residency

Amtrak is looking for travel fans with a knack for telling stories on social media. The new Amtrak social media residency program wants amateur travelers to share photos, video, and written content from aboard long-distance trips.
Computing

A second Wells Fargo glitch results in the foreclosure of more homes

A computer error has struck Wells Fargo once again, resulting in hundreds more homes being mistakenly foreclosed after a first glitch was reported in August. To compensate one customer, the bank sent a check for $25,000.
Mobile

Samsung partners with AT&T to create a multi-band 5G smartphone for late 2019

Ready to experience a radical transformation in mobile communication? AT&T is launching mobile 5G in cities across the country over the next few months. Here's everything you need to know about the AT&T 5G rollout.
Mobile

Qualcomm's 3D Sonic fingerprint sensor could make your next phone more secure

Almost exactly a year after the launch of the Snapdragon 845, Qualcomm took the wraps off of its next-generation mobile platform, the new Snapdragon 855. The new chip puts an emphasis on A.I. performance.
Movies & TV

Movies Anywhere service adds Comcast films to its library and devices

Movies Anywhere lets you watch movies purchased from different services all in one place, and it just got even better with the addition of Comcast, which joins Microsoft, Amazon, iTunes, Google Play, Vudu, and FandangoNow.
Web

Can Microsoft’s Airband Initiative close broadband gap for 25M Americans?

A new report from the Federal Communications Commission (FCC) says that 25 million Americans do not have access to broadband internet. Of these, more than 19 million are living in rural communities. Can Microsoft help out?
Business

Amazon scouted airport locations for its cashier-free Amazon Go stores

Representatives of Amazon Go checkout-free retail stores connected with officials at Los Angeles and San Jose airports in June to discuss the possibility of cashier-free grab-and-go locations in busy terminals.
Business

‘Ralph Breaks the Internet’ wins one of the worst box-office weekends of 2018

Wreck-It Ralph sequel Ralph Breaks the Internet stayed on top of the weekend box office for the third week, winning what was one of the worst weekends for ticket sales in the US so far this year.