On November 30, 2018, Marriott disclosed a large-scale data breach that impacted up to 500 million customers who have stayed at their Starwood-branded hotels within the last four years. 500 MILLION! For the last 4 YEARS! Yikes.
According to a press release from Marriott, the data breach involved the Starwood guest reservation list in the United States and included some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some of those guests, their credit card numbers and expiration dates were also exposed.
If you’ve stayed at one of Marriott’s Starwood hotels (and it is a long list) since 2014, be vigilant and take some protection measures. You should have received an email regarding the breach with recommended actions. But here is a quick summary from our perspective:
* Change the password for your Starwood Preferred / Marriott Rewards Program.
* Change the password on any site where you used the same password as your Starwood account.
* Start using a password manager program to track your passwords. Such programs will also help you to generate strong random passwords for each of your accounts and offer easy methods to enter them – removing the “I can’t remember all my passwords so I make them all the same” pressure. If you would like some recommendations on good password manager programs, let us know.
* Activate Multi-Factor Authentication (MFA) on all your online accounts. This second layer of security on top of your password is an essential security tool these days. There are many options available and some are complicated. Let us know if you need some advice on implementing MFA.
* Be on the watch for phishing attempts related to this breach. Cybercriminals are aware of this breach and will use it as an opportunity to trick you (see our Sextortion article as an example).
* Subscribe to ID Agent: this is a tool Bralin can provide to you to monitor your email addresses on the dark web (the black market where stolen passwords and credentials are sold). The tool will alert you when your hacked information goes up for sale and give you a better chance of getting your accounts secured (a lot faster than 4 years later, as in this Marriott situation). Let us know if you would like more information.
* Subscribe your company to Security Awareness training programs designed to educate your employees on how to prevent breaches.
* Make sure your computer systems are secure by engaging an IT Managed Services Provider. This is what we do for our clients every day, so contact us if you want to know more.