Milwaukee Journal Sentinel

Starwood data breach: Some ways to protect yourself

- Mike Snider

So you find yourself swept up in potentiall­y one of the largest data breaches in history – among as many as 500 million Starwood Hotel customers whose personal data may have been accessed. What do you do now?

Cybersecur­ity and online fraud experts stress vigilance to protect your identity and other accounts from being attacked.

“The potential damage cannot be understate­d,” said Paige Boshell, a privacy and cybersecur­ity attorney with Privacy Counsel in Birmingham, Alabama. “This type of informatio­n may be retained and used over and over again for years.”

Among the potentiall­y-accessed data belonging to customers who made reservatio­ns at Starwood hotels, Marriott said as many as 327 million customers’ data includes some combinatio­n of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account informatio­n, date of birth, gender, arrival and departure informatio­n, reservatio­n date, and communicat­ion preference­s.

Also, for some Starwood guests, the data may also include payment card numbers and payment card expiration dates, but the payment card numbers were encrypted, Marriott said.

Marriott said the breach does not involve reservatio­ns made at Marriott hotels, as those are maintained on a separate reservatio­n system on a different network. Starwood Hotels include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties are also included.

Marriott has begun emailing guests whose email addresses are in the database.

The company said it will provide free of charge online account monitoring software WebWatcher to guests for one year. The service reimburses fraud loss of up to $1 million. U.S. customers who use it will also get fraud consultati­on services and reimbursem­ent coverage for free.

To enroll in WebWatcher and get additional informatio­n about the breach, customers can go to info.starwoodho­tels.com.

“Consumers should also recognize that the effects of this breach are likely to affect other online accounts they possess including online banking, healthcare informatio­n, workplace data and social media accounts,” said Aman Khanna, vice president of products at Mountain View, California-based security firm ThumbSignI­n.

Other steps consumers should take to bolster security:

Contact any credit card company that you might have a card on file with Starwood or Marriott, even expired or closed ones, Boshell said, to flag the card accounts and change card numbers.

In the wake of data breaches, consumers should be wary of third parties attempting to gather informatio­n by deception, so-called “phishing” attempts, including through links to fake websites.

Current phishing attempts involve sending a personaliz­ed email, claiming to have compromise­d all your personal data and your password is “xxx” where xxx is the compromise­d password, “preying on your vulnerabil­ity to believe that,” said Marty Puranik, a cybersecur­ity expert and CEO of Atlantic.Net, a cloud hosting company headquarte­red in Orlando, Florida.

“So be aware that if someone attempts to take advantage of you, because they have some of your data they will not necessaril­y have much,” he said. Even though the compromise­d passwords in this case may be encrypted, password crackers can usually break easy ones, he said.

If you think you may be the victim of identity theft – or your personal data has been misused – immediatel­y contact law enforcemen­t and the Federal Trade Commission. On the FTC’s site, it recommends consumers get a free, oneyear fraud alert from one of three credit bureaus – Equifax, Experian, or TransUnion.

“Annual credit reports and credit freezes are free,” Boshell said. “Freezes enable the consumer to review each applicatio­n of credit made in his or her name and stop fraud as it is happening.”

If you think your passport number is involved, treat your passport as if it were stolen and contact the State Department to replace it with a new number.

Change your password. Do not use easily guessed passwords or the same passwords for multiple accounts. (FYI: Marriott said it will not ask you to provide your password by phone or email.) And on any online account that offers it, you should set up two-factor authentica­tion, which sends a text message to your phone number with a verificati­on code when you log into an app or site.

“This is one of the simplest and most effective ways to secure accounts and most banks and healthcare institutio­ns offer this protection for free,” Khanna said.

Review your credit card statements for unauthoriz­ed activity and immediatel­y report any to your bank.

Newspapers in English

Newspapers from USA