Skip to main content

What you need to know about Marriott breach and how to protect yourself

Related News

WASHINGTON — The personal information of up to 500 million customers of the Marriott hotel empire, including their credit card and passport numbers, has been compromised in a massive data breach that stretches back to 2014, the company announced.

It’s one of the largest data breaches ever. But it’s not all that surprising, according to Brian Krebs, the cybercrime expert behind KrebsOnSecurity.

The latest breach affected hotel brands that were operated by Starwood, before that company was acquired by Marriott in 2016 — including W Hotels, St. Regis, Sheraton, Westin and others.

“Unfortunately, this is not super-uncommon for hotel chains, like Marriott and Starwood, which actually disclosed a breach back in 2015, stretching into 2014,” Krebs told WTOP.

Marriott has set up a dedicated website and call center for customers who were notified by email that they were affected by the breach. In addition, the hotel giant is offering customers a year of free service from WebWatcher, which is run by the data security firm, Kroll. WebWatcher monitors the so-called “dark web” where personal information is illegally sold.

Beyond that, what else can affected customers do?

Unfortunately, not a whole lot, Krebs said.

“The hotel industry really needs to get its act together on security and, unfortunately, this is only the latest incident of a hotel chain having multiple breaches over several periods of years,” Krebs said. “I guess unless consumers start voting with their wallet, I don’t know what else they can do.”

After years of big breaches, Krebs said people should assume that some of their personal data — including credit card information — is already for sale in the cybercrime underworld.

“When it comes to your personal information, you’re responsible for paying attention to this stuff. So you need to be paying very close attention to what’s in your credit card statement. And the best you can do is really just try to dispute anything that you don’t do.”

Another tool at your disposal? Consider freezing your credit file, so cyber criminals can’t open fraudulent lines of credit in your name, Krebs said.

You might also want to consider using your credit card more — instead of your debit card.

“Yeah, they have the same loss-liability guarantees, but there’s a lot more involved when somebody takes your money and then you have kind of grovel to the bank for a couple weeks to get it back. And also on top of that, is the bank going to reimburse you for all the fees that these third-parties charge you for bouncing checks? Probably not.”

Massachusetts court hears arguments in lawsuit alleging Meta designed apps to be addictive to kids

BOSTON (AP) — Massachusetts' highest court heard oral arguments Friday in the state's lawsuit arguing that Meta designed features on Facebook and Instagram to make them addictive to young users. The lawsuit, filed in 2023 by Attorney General Andrea Campbell, alleges that Meta did this to make a profit and that its actions affected hundreds of thousands of teenagers in Massachusetts who use the social media platforms. “We are making claims based only on the tools that Meta has developed because its own research shows they encourage addiction to the platform in a variety of ways,” said State Solicitor David Kravitz, adding that the state's claim has nothing to do the company's algorithms or failure to moderate content. Meta said Friday that it strongly disagrees with the allegations and is “confident the evidence will show our longstanding commitment to supporting young people.” Its attorney, Mark Mosier, argued in court that the lawsuit “would impose liabilities for performing traditional publishing functions” and that its actions are protected by the First Amendment.
Read Next Story