How to Address Member Concerns About the Marriott Breach

How to Address Member Concerns About the Marriott Breach

How to Address Member Concerns About the Marriott Breach

If your members have stayed at a Starwood hotel in recent years, they were most likely impacted by the recent Marriott data breach.

Earlier today, Marriott announced that the guest reservation system for their entire Starwood hotel chain had been hacked, exposing the data of over 500 million guests from as far back as 2014. That data includes personal and financial information such as names, dates of birth, phone numbers and credit card numbers.

Large-scale data breaches are unfortunately becoming more and more commonplace. Last year’s Equifax breach impacted nearly 44 percent of Americans and earlier this year it was revealed that Yahoo! had suffered one of the largest breaches in history.

As more data breaches like Marriott’s come to light, your members will likely have questions about how to safeguard and prevent their data from being stolen. Reinforcing security at the member level is often the best way to help eliminate critical points of vulnerability and keep hackers and fraudsters at bay.

To help address your members’ concerns about the Marriott breach, here are some helpful FAQs and practical measures members can take to play an active role in their data security now and in the future.

What do we know about the Marriott breach at this point?

According to Marriott:

A potential breach was first detected on September 8, 2018 when Marriott received an alert from an internal security tool. From now until then, the Marriott security team has been working to decrypt details of the information stolen and alerted its guests and the public on November 30, 2018.

In total, Marriott estimates that 500 million guest accounts were potentially exposed to hackers. Law enforcement has been involved and an active investigation is underway.

What information is most likely to have been exposed by the Marriott breach?

  • Names, mailing addresses, phone numbers, email addresses, passport numbers, genders and dates of birth for up to 327 million people have been exposed to hackers.
  • For millions of other guests, credit card numbers and card expiration dates were potentially compromised. There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.

What can members do now to protect themselves? 

  • Change your password: If you have a Starwood Preffered Guest account, login and change your password immediately. It may also be prudent to change the password for any accounts you have that use the same password.
  • Monitor your accounts: Log in to all of your accounts associated with any credit cards or financial information used to book a stay at a Starwood hotel. Look for any suspicious activity within your accounts and immediately notify your credit union or financial provider if you see any unusual behavior.
  • Check your credit reports: Review your credit reports for unauthorized accounts that are opened in your name.
  • Place a freeze on your credit: Information regarding filing a credit freeze can be found on the following credit bureau sites. You may also want to consider placing a fraud alert on your credit report.
  • Contact your credit union: It’s always a good time to remind your members that they have the full support of their credit unions in times like these.

What can members do to protect themselves in the future?

As data breaches become more widespread, members can do a few things now to protect themselves against future threats:

1) Employ basic computer security practices

  • Non-Technical
    • Don’t click on links in emails
    • Type the website address into the address bar of your web browser (Internet Explorer, Google Chrome, Firefox, Safari, etc.) or search for the address in a search engine (like Google).
    • Don’t open attachments you weren’t expecting to receive, regardless of who it appears to be coming from. If you need to open an attachment, make sure to scan it for viruses.
  • Technical
    • Keep your personal computers patched and up-to-date. This includes the operating system (Windows/Mac) as well as other computer applications (Adobe, Java, etc.)
  • Operating Systems
  • Applications

2) Use different passwords for different websites – Consider using a password tool that allows you to set different passwords across multiple websites, while allowing you to only have to remember one strong password.

3) Use an anti-virus tool on your personal computers – Choose a reputable anti-virus tool, as hackers often create fake ones.

4) Use the built-in firewall on your computer

5) Turn on Encryption for your computer – Make backups of your computer in case malware infects your system or you forget your encryption password.

When it comes to preventing and managing data breaches, we’re all in this together. Protecting your members against cybersecurity threats requires the latest fraud mitigation tools and active participation by members themselves. Contact us if you have questions or need support in connecting with your members.

If you want to stay up-to-date with the latest fraud trends and best practices, join our next “Fraudbuzz” webinar on December 20, 2018 at 11:00am PST: