Marriott suffers a massive breach of its guest records. Here’s how to protect yourself

Marriott gives update on its hack, says millions of passport numbers were stolen

The data of as many as 383 million travelers could have been compromised in a breach of Marriott’s Starwood Preferred Guest (SPG) database. After originally sharing information about the breach in November, the company released updated information on January 4, with fewer guests affected but some unencrypted passport numbers involved the breach. Marriott says an internal security tool recently alerted the company to the breach, but an investigation showed the unauthorized access began in 2014. The breach only includes the Starwood Preferred Guest loyalty program — guests who booked at a Marriott-owned property from another booking platform were not affected.

Marriott originally estimated that as many as 500 million guests may have had data compromised by the breach, though the company hasn’t yet completed the investigation. That number is now lower, with the company estimating as many as 383 million affected. For some guests, Marriott says payment card numbers and expiration dates were compromised. That payment data was encrypted, Marriott says, but the investigation hasn’t yet determined if the components needed to decrypt the data were also compromised.

Now, Marriott also says that around 5.25 million unencrypted passport numbers were also stolen, along with more than 20 million encrypted numbers. The company also says that payment information was only compromised for a small percentage of those affected by the breach  — around 8.5 encrypted numbers were affected, but a majority of those cards have already expired.

The company shared in November that around 327 million guests had non-payment-related data compromised, which can include their name, mailing address, phone number, email address, passport number, SPG account data, birth date, and gender, along with details like arrivals and departures, reservation dates, and communication preferences. Other guests had more limited data compromised, such as name, email, and mailing address, the company says.

“We deeply regret this incident happened,” Arne Sorenson, Marriott’s president and chief executive officer, said in a press release. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

The breach affected accounts using the SPG platform between 2014 and September 10, 2018. Marriott says affected guests were notified by email, and the call center can help guests determine if their passport numbers were part of the breach. The company is also offering a dedicated website and call center for affected users, as well as a free year of WebWatcher. The breach was also reported to law enforcement agencies.

“Today, Marriott is reaffirming our commitment to our guests around the world,” Sorenson said. “ We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”

The SPG breech joins other recent data hacks inside the travel industry, including those affecting Orbitz, British Airways, and Cathay Pacific.

What can you do to protect yourself?

This incident is particularly severe because it includes the possible loss of payment card numbers, expiration dates, and other payment data. This data was encrypted, but that doesn’t mean it’s safe. Even the loss of address and phone number information is significant since it can be used to help criminals defraud victims.

Vivek Lakshman, vice president of Innovation at biometric security company ThumbSignIn, sees a reason for concern. “This is huge in its depth of knowledge about the customer and the reach of millions of customers,” he said. “If the information reaches the dark web, as it happens with other breaches, it can get to other hackers and can have a cascading impact on consumer accounts.”

If you’ve stayed at Marriott lately, or are otherwise worried that your data was compromised, you can protect yourself by using the usual methods. According to Lakshman, that includes changing your passwords, enabling two-factor authentication, and signing up for the Webwatcher service that Marriott has offered. You can take an even more extreme, and effective, step by freezing your credit. This will prevent criminals from using the compromised information to open new lines of credit in your name.

What will the consequences be for Marriott? That’s hard to say. Lakshman told Digital Trends that “apart from massive loss of customer trust, there are likely government fines for Marriott.” Yet he seemed skeptical that these fines will be substantial, adding that “[…] with the rate of breaches happening, even this will pass and be forgotten from consumer memory in a few years.”

Updated January 4, 2019: Added updated data from Marriott. 


WhatsApp has 400 million users in India, but no fix for its fake news problem

WhatsApp is struggling to stem the tide of fake news in India, its biggest market. In the last few years, its platform has been inundated with an around-the-clock avalanche of misinformation -- misleading mobs into lynching innocents and…

1.5% of Chrome users’ passwords are known to be compromised, according to Google

In February, a new feature was introduced to the Google Chrome browser which checks whether users' passwords are secure. Now, Google has released eye-opening stats gathered from Password Checkup.

Lawsuit over Capital One data breach could eventually get you sweet revenge

The law firm Colson Hicks Eidson has filed a class-action lawsuit against Capital One “for negligence in failing to safeguard consumers’ personal information” in the recent data breach that impacted 100 million consumers.

Critical Bluetooth security bug discovered. Protect yourself with a quick update

Researchers have discovered a major new security flaw in Bluetooth, which could leave millions of devices at risk of a malicious hack. The attack allows a hacker to “break” Bluetooth security without anyone knowing.
Smart Home

These are the best security camera systems to guard your small business

Security cameras can help small businesses but not all systems are created equally though, and each has its benefits and its drawbacks. We’ve rounded up the best security cameras for small businesses in 2019.

Boost your company's productivity with the best tablets for small businesses

Tablets and convertible laptops are increasingly popular with small companies. The ability to carry a lightweight tablet to and from the office and hook it up to a keyboard or even a monitor, gives entrepreneurs the flexibility they seek.
Small Business

PushSend is what all small businesses need for their marketing campaigns

Want to grow your small business through the use of great marketing tools? PushSend is an all-in-one package that includes email campaigns, landing pages, lead gen forms, and much more.

When customers don't carry cash, mobile card readers help small companies thrive

Small businesses that market directly to customers benefit from having a point of sale system ready for clients who don't carry cash. Card readers should support swipe, the newer chip standard, and various smartphone-based wallets.
Social Media

These 3 social media management tools will get your small businesses noticed

Social media is a great way to spread the word about your business, connect with customers and network. Here are the best social media management tools for small businesses to help you schedule posts, track engagement, and much more.

Amazon drops Pre-Prime Day discount on Brother black and white office printer

There are a lot of high-speed printers out in the market. A good option would be Brother's HL-L5100DN. This monochrome printer is normally sold for $200, but Amazon has cut 16% off the price, bringing its cost down to $168.

Need a computer for your small business? These are the desktop PCs to consider

Whether you need a powerful PC to work done or an elegant system for your customer-facing operation, we've selected some of the best desktops for your small business. From $500 to $5,000, these PCs will help you stay productive.
Smart Home

Arlo Pro vs. Pro 2 vs. Ultra: Which security cam is best for you?

Looking for the best security cam for your home or business? We're comparing the Arlo Pro vs. Pro 2 vs. Ultra to see which Arlo cam has the best features, the best deals, and which could work right for you.
Small Business

Norton vs. McAfee: Which Antivirus software is best for your small business?

Effective antivirus software is essential within a small business environment. With Norton and McAfee the biggest names in the business, we take a look at what's best for your company.

Mileage trackers offer businesses accurate record keeping and a tax boost

Small businesses that get out on the road for sales and service calls need reliable mileage trackers to help them control their time and driving expenses. Here are some of the best mileage tracking apps for iOS and Android.