Marriott says its guest reservation system has been hacked, potentially exposing the personal information of 500 million guests.
From Time Magazine:
Up to 500 million guests of the hotel chain Marriott may have had their data stolen in a security breach, the company announced on Friday.
For some 327 million of those guests, the stolen information includes “some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences,” according to the chain.
Here’s What You Need To Do:
Marriott began sending out messages on a rolling basis to affected customers on Friday to the email addresses associated with compromised accounts. Check those email addresses regularly — and be aware that you may not receive notification immediately, as it takes time to send 500 million emails.
If Your Information was indeed hacked:
Marriott says affected customers should monitor their accounts and bank statements for suspicious activity. More information can be found on its advice page for people affected by the breach.
It also warned of the risk that hackers could use information exposed by the data breach news to mount “phishing” attacks, in which people pretending to be someone they’re not trick you into giving them other valuable information, like credit card numbers.
Marriott said breach notification emails would only come from the address “email@example.com,” and that those emails would not contain attachments or requests for personal information, including passwords.
It would also be wise for you to change any passwords for other services that you know to be the same as the one you used for Marriott accounts.
As part of its response to the data breach, Marriott has set up a way for all guests to sign up to WebWatcher for free for one year. That site alerts you if your personal information is being shared on dodgy websites. U.S. users will also be eligible for compensation through the site if money is lost.
However, it’s not clear whether that compensation will be applicable to misuses of data that might occur after a year is up, or whether non-U.S. citizens will be able to obtain compensation.