Here's how to check if you were one of the 500 million customers affected by the Marriott hack
- Mariott Starwood hotels suffered a massive data breach, meaning that around 500 million customers have had their information compromised.
- Hackers accessed sensitive information from Starwood's reservation database in 2014, including mailing addresses, passport info, and credit card numbers.
- Marriott says guests who were affected - anyone who stayed at a Starwood property on or before September 10, 2018 - will be notified "on a rolling bases" starting November 30.
- Here's how you can find out more about whether your information was hacked and what you can do to protect yourself.
Marriott says it discovered earlier this month that hackers had access to its reservation system used for guests at Starwood hotels since 2014, and that customer information was copied and stolen.Read more: 500 million Marriott customers have had their data hacked after staying at hotels including W, Sheraton, and Westin
The hotel chain has "taken measures" to contain the breach and investigate the incident, according to a statement.
Marriott says that it started on Friday to reach out via email to affected customers "on a rolling basis," but only to those guests whose email address are provided in the Starwood reservation system. If you stayed at a Starwood property on or before September 10, 2018, keep a look out for an email from firstname.lastname@example.org.
If you're wondering if you my have been affected by the breach, here's what we know about whose information was accessed:
- Hackers first gained access to the reservation database in 2014. Customers affected include anyone who has stayed in a Starwood hotel on or before September 10, 2018.
- For 327 million customers, Marriott hasn't figured out exactly what information was accessed, but say it may include: name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
- Some customers may have had their payment card numbers and expiration dates compromised. Mariott says this information was encrypted, but hackers may have managed to decrypt it.
- For the remaining portion of the 500 million affected customers, the information accessed by the hackers may include your name, mailing address, email address, or "other information."
- Marriott uses a separate reservation system on a different network, so customers at Mariott hotels don't seem to have been affected.
- Starwood operates more than 1,000 hotels worldwide. Here's the breakdown of the affected properties owned by Starwood, a subsidiary of Marriott:
Marriott says it's already started to take some steps to support affected guests. A list of FAQs that customers may have can be found on the website that Marriott has established specifically for the data breach.There's also an established call center for customers, which is open seven days a week and available in multiple languages.
Additionally, Marriott says it will pay for guests to sign up for a year-long membership for WebWatcher software, which monitors where your personal information is shared online. However, this enrollment, as well as the availability of paid-for fraud consultation services and reimbursement coverage, is only available to customers in the U.S., U.K., and Canada.
Marriott also recommends that if you use the same or a similar password as the one associated with your SPG guest account, you should change it, and be on the lookout for any phishing emails asking for your login details.