What to Do in The Wake of a Data Breach
Marriott International announced at the end of November that a breach of its Starwood guest reservation database exposed the personal information of up to 500 million people. If your information was exposed, there are steps you can take to help guard against its misuse.
According to Marriott, the hackers accessed people’s names, addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, Starwood loyalty program account information, and reservation information. For some, they also stole payment card numbers and expiration dates. Marriott says the payment card numbers were encrypted, but it does not yet know if the hackers also stole the information needed to decrypt them.
The hotel chain stated the breach began in 2014 and anyone who made a reservation at a Starwood property on or before September 10, 2018 could be affected. Starwood brands include, but are not limited to, W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Le Méridien Hotels & Resorts.
The company has set up an informational website, https://answers.kroll.com, and a call center, 877-273-9481, to answer questions. It says affected customers also can sign up for a year of free services that will monitor websites that criminals use to share people’s personal information.
Better Business Bureau has suggestions for consumers concerned that their credit or debit cards may have been compromised by a data breach.
- Stay calm. Consumers are not liable for fraudulent charges on stolen account numbers.
- Check with the website of the company that was breached for the latest information. Type the company name directly into your browser. Do NOT click on a link from an email or social media message.
- If a credit card has been compromised, you will likely hear from the bank or card-issuer first. If you have questions, call the customer service number on your card.
- Consider putting a credit freeze or fraud alert on your credit reports with the three major credit reporting agencies (bbb.org/creditfreeze). A credit freeze will prevent anyone from accessing your credit report or scores. This means you cannot apply for new credit without lifting the freeze. A fraud alert flags your account but does not automatically halt new credit being opened in your name.
- annualcreditreport.com is the only website authorized by the Federal Trade Commission to provide you with a free annual credit report. Be wary of ads, emails, and social media messages for other services. Everyone should check their credit reports annually, whether they have been the victim of a data breach.
- If your credit card(s) has been breached:
- Monitor your credit card statements carefully (go online; don’t wait for the paper statement).
- If you see a fraudulent charge, report it to your bank or credit card issuer immediately so the charge can be reversed, and a new card issued.
- Keep receipts in case you need to prove which charges you authorized and which ones you did not.
- If your debit card has been breached:
- Do all the above as for credit cards but pay very careful attention to your account. Debit cards do not have the same protections as credit cards and debit transactions withdraw funds directly from your bank account.
- Contact your bank for more information, or if you want to pre-emptively request a new debit card or put a security block on your account.
- Beware of scammers who may purport to be from the retailer, your bank, or your credit card issuer, telling you that your card was compromised and suggesting actions to “fix” the problem. Phishing emails may attempt to fool you into providing your credit card information or ask you to click on a link or open an attachment, which can download malware onto your computer.