Starwood Breach Exposes 500M Guests

Tuesday, 04 December 2018 / Published in Woo on Tech

Hold onto your hats, ladies and gents, because this latest breach is a doozy! Up to 500 million individuals who have transacted with Starwood Hotels & Resorts (now owned by Marriott) have had their information exposed in a massive breach. According to the statement released by Marriott, the Starwood guest reservation database was compromised as early as 2014 and information up to September of this year is considered exposed. Compounding the severity of this issue, already ranked as one of the largest so far, is the amount and type of data exposed “… includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.”

What this means for you

If you happened to be one of the 500M who has stayed at a Starwood, even if it was before 2014, it’s still likely that some of your personal information was exposed in this breach. Though Marriott has said they started contacting individuals affected, for some of us who stayed at a Starwood hotel before email address collection became common place (myself included), and have since changed mailing addresses, Marriott may have some difficulty contacting you to let you know you were impacted. To be on the safe side, you should definitely consider a credit freeze (if you haven’t already put one in place from the previous Equifax breach) and you should take advantage of Marriott’s offer of a free year of WebWatcher monitoring service. As the name suggests, this service will monitor the web for your personal information (which you can enter yourself) and alert you if any of those data points appears somewhere on the web. Granted, that might actually be you entering that info, but if not, you have a head start on countering a possible identity theft in progress. And while you are at it, why not sign up for an alert from HaveIBeenPwned.com which keeps track of all the major breaches and will also alert you if your email address is on the growing list of breaches occurring almost weekly now.