Marriott November 2018 data breach: Everything you need to know

By now, you've probably heard about the recent Marriott data breach. It's a story that's been making the rounds like a crazy, as it should seeing as how it's one of the worst corporate data breaches to ever happen.

Whether you're a concerned Marriott customer or just want to stay informed about what's going on, here's everything you need to know.

What happened

On November 30, 2018, Marriott announced that a group of hackers obtained "unauthorized access" to the reservation system of its Starwood locations — a collection of hotels that the company purchased in 2016 which includes names like W Hotels, Sheraton, Westin, and St. Regis.

The hackers have had access to the system since 2014, but Marriot didn't find out until September 8, 2018, when it "received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the United States." Despite learning about this in September, an announcement wasn't made until today.

Here's what Marriot said in a press release:

The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property.

Of that 500 million, the following information was exposed for 327 million people:

  • Names
  • Phone numbers
  • Email addresses
  • Passport numbers
  • Date of birth
  • Arrival and departure info

For everyone else, it's possible that credit card numbers and their expiration dates were obtained. Marriott notes that it can't 100% confirm whether or not the card numbers were decrypted, but that's obviously still not good either way.

The company's CEO and President, Arne Sorenson, responded to the situation with the following statement:

We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.

What Marriott is doing

Marriot has reported the incident to the authorities, and in the meantime, is sending emails to anyone that's been affected. You can visit this website for further information, and if you'd like to speak with a real person from Marriott about the matter, you can contact a dedicated call center. The number for the center is 877-273-9481 in the United States, and you can view the numbers for other countries on the site, too.

In addition to this, Marriot is also providing its guests with access to a free WebWatcher membership. WebWatcher is a personal information monitoring tool and has apps for Android, iOS, Windows, and Mac.

What you can do to stay safe

Any data breach needs to be taken seriously, but this one could prove to be especially damning.

Change as many online passwords as you can, get a new credit/debit card, and possibly consider changing your email address and phone number. Those may sound like drastic steps, but with so much data being exposed for so many people, you can never be too safe in a situation like this.

On the technical side of things, now's a good time to start using both a password manager and two-factor authentication if you aren't already. We have a few links below to help you get started.

Password managers

Two-factor authentication

Joe Maring