*Information updated as of 1/07/2019

Marriott International announced that its guest reservation system has been hacked, and the personal information of approximately 383 million guests could be compromised. Due to the number of people potentially affected, this could be one of the largest data breaches that has occurred in recent history.

In September, Marriott, which recently acquired Starwood properties, received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the U.S. Upon further investigation, Marriott discovered that there had been unauthorized access by hackers through the Starwood guest reservation database system since 2014 – per their press release. The Starwood properties include: Sheraton, W Hotels, Westin, Le Meriden, Four Points by Sheraton, Aloft, Ritz Carlton, Renaissance and St. Regis.

At this time, there are 383 million* reported Marriott guests with a combination of exposed information such as: names, phone numbers, email addresses, passport numbers, date of birth and departure information. As noted in the newest release published on January 4th, 2019, “Marriott now believes that approximately 5.25 million unencrypted passport numbers were included in the information accessed by an unauthorized third party. The information accessed also includes approximately 20.3 million encrypted passport numbers.” This information could be used to commit identity theft, especially when a passport number is stolen. A thief could potentially take a passport number and create a fake identity. It’s also worth noting that “approximately 8.6 million encrypted payment cards were involved in the incident. Of that number, approximately 354,000 payment cards were unexpired as of September 2018.”

Unfortunately, this is not the first hotel that has experienced a cyber-attack similar to this. Both InterContinental Hotels and Hyatt Hotels were victims of a data breach last year.

What can you do now?

– If you receive a breach notification letter, consider using the free monitoring by WebWatcher that Marriott is providing for one year.

– Contact the Identity Theft Resource Center to speak with a victim advisor who can help you with your concerns. They are available via their toll-free number at 888-400-5530 or through our livechat feature, which is available on idtheftcenter.org.

– Check your credit report by going to annualcreditreport.com, which provides a free copy from each credit reporting agency every year. It is strongly recommended that those that think they may have been compromised place a free credit freeze for added protection.

Next steps:

– Monitor your financial accounts for any fraudulent activity such as banking statements, credit cards, utilities, etc.

– Keep an eye on your email and mail about this data breach or any potential fraud that could have been caused by it.

– Be on heightened alert for any phishing attempts or scams that are attempting to obtain your personal information over the phone or by getting you to click on a link in an email or text. Do not click on a link in an email if you’re not positive it’s from Marriott (they will be sending from the address starwoodhotels@email-marriott.com).

– Marriott will reimburse new passports for users who can prove they’ve been victims of fraudulent operations where the passport number was involved.

The Identity Theft Resource Center® (ITRC) is in no way affiliated, associated, authorized, endorsed by, or in any way officially connected with the Marriott. All information pertaining to this breach is taken from Marriot’s breach notices available to the general public.  All tips and recommendations are based solely on the information that Marriot has released to the public. All tips and recommendations are solely the opinion of the ITRC and do not reflect Marriott’s opinion or instructions to affected consumers.

Read next:

What To Do If My Passport is Lost or Stolen in the United States