As the dust continues to settle from the Starwood guest reservation database security breach–which affects millions of business and convention travelers, as well as vacationers and tourists–potential victims are still waiting to hear the fate of their personal data. An investigation has determined that the guest information accessed without authorization was related to reservations at Starwood properties on or before Sept. 10, 2018.
“Marriott learned during the investigation that there had been unauthorized access to the Starwood networks since 2014,” the hotelier said in a news release. “The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On Nov. 19, 2018, Marriott was able to decrypt the information, and determined that the contents were from the Starwood guest-reservation database.”
While Marriott has not fully identified all duplicated information, here’s what has been determined:
Marriott noted that it has reported the incident to both law enforcement and regulatory authorities.
How does Marriott advise guests to proceed?
If you’re concerned that your information could be included in this breach, keep an eye on your inbox. The company began sending e-mails on Nov. 30 to affected guests that have their e-mail address in the Starwood guest-reservation database. The e-mails will continue to be sent on a rolling basis from the address firstname.lastname@example.org. Additionally, Marriott has also established a website and call center to answer questions about the incident, and advised guests to enroll in WebWatcher, which according to Marriott, “monitors internet sites where personal information is shared and generates an alert if evidence of your personal information is found.”
Moving forward, Rodney Pattison, chief technology officer at Acendas Travel, says to beware of people preying on victims of the breach.
“After a large-scale incident like this, fraudsters from around the world will inevitably jump at the chance to try and catch a few unsuspecting people out,” Pattison said. “If you receive any emails purporting to be from this incident or such – like mentioning it, asking for any personal information, or to click on unverified links–discard them.”
Although both Pattison and Brent Blake, president of Acendas, noted that from a traveler’s perspective, these kind of incidents are virtually unavoidable, the pair offered further tips for navigating a security breach if your information, specifically your credit or debit card, is involved: