What Everyone Needs to Know About the Marriott Data Breach

​Travel brings new experiences, but millions of travelers now face the unwanted experience of being part of the second-largest data breach in history. The Marriott hotel chain announced that its reservation system was breached over a 4-year period, exposing the personal information of at least 500 million guests. Before you say, “I’ve never stayed at a Marriott,” it’s not that simple, and there are lessons here for all of us, so read on.

​The information stolen in the Marriott breach includes birth dates, gender, email and mailing addresses, phone numbers, payment card information, and even passport numbers of many guests. The breach originated in the reservation system of Starwood Hotels, which Marriott acquired. Affected hotels include: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton, and Design Hotels that participate in the Starwood Preferred Guest program, and Starwood-branded timeshare properties.

If you’ve stayed at any of these hotels, here are ways to protect yourself from identity theft:

• Review your credit card statements extra carefully for signs of fraudulent activity.
• Consider setting up a credit freeze to prevent thieves from setting up new accounts with your identity.
• If you’re a member of any Marriott or Starwood rewards program, watch for someone using your reward points or other suspicious activity.
• Take advantage of the online cyber-monitoring service that Marriott is offering free to guests for one year. The service does not include credit monitoring, but the service is free, so use it even if you opt to purchase more comprehensive protection.
• Marriott has offered to pay for new passports for guests who become victims of fraud. Passport fraud may be hard to detect, and, again, it may not show up for years, but if you do become a victim, take advantage of this.
• Scams pop up in the wake of a breach like this, so beware of calls, mail, or email purporting to offer assistance to breach victims and asking for your personal information.

Even if you’ve never stayed at a Marriott-owned hotel, this breach offers lessons worth heeding. Breaches are becoming bigger, badder, and more frequent. Like this one, breaches often go on for years before they are discovered, so you can become a victim without any warning. And when breaches are discovered, the organizations involved tend to offer limited remedies for a limited time, so you need to protect your own identity proactively. The best way to do that is with a comprehensive identity theft protection plan, such as MyIDCare, that offers a host of monitoring services to help you catch fraudulent activity together with expert identity recovery (not just someone to advise you in recovering your own identity), and insurance. (It makes a great gift for the travelers in your life, too.) When you own the means to protect your identity, you can go anywhere with confidence.