If you haven’t yet heard of the Marriott Data Breach, you must be living under a rock. But, either way, here’s what you need to know about the incident, as well as what you should do now.
Marriott Data Breach
Last Friday, news broke that Marriott experienced a massive data breach spanning four years. Specifically, the data breach began on an unspecified date in 2014 and ended on September 10, 2018, affecting up to 500 million guests. But just because you stayed or had a profile set up with Marriott during this time doesn’t mean your data was compromised. In fact, the breach only affects pre-merger Starwood brands. Marriott brands remain untouched, as the systems remained separate until just recently. And even now, the systems aren’t entirely integrated.
But of the 500 million exposed during the incident, about 327 million guests’ detailed, personal information was compromised. This information may have included contact information, passport number, date of birth, gender information, arrival and departure information, reservation date and Starwood Preferred Guest account information. However, the amount and type of data stolen for those 327 million varies. And the remaining 173 million guests experienced a more limited exposure.
Marriott also reports that an unspecified number of credit card numbers and expiration dates were also compromised. They say, however, that the card data was encrypted, though they’re not sure if the thieves obtained the decryption keys.
What You Should Do
While you can’t prevent ID Theft from occurring if your information was stolen, there are steps you can take to mitigate its impacts. One of the first things you should probably do is reset your Marriott/SPG passwords. You’ll also want to signup for a credit monitoring service. There are many free ones out there, my favorite of which is Credit Karma. Not only does this service allow you to track activity on the credit reports, but it also lets you get a clear picture of your credit health. Which, of course, is useful for your credit card strategy. And you can use Credit Karma to see if you’re over or under Chase’s 5/24 rule.
Beyond monitoring your credit profile, you’ll also want to monitor your credit card accounts regularly. That way, you can catch any fraudulent activity before it gets out of hand. And, of course, you’ll want to closely monitor your Marriott account too. Loyalty programs are, after all, an increasingly popular target for hackers.
Another step that can be taken is to freeze your credit. To do this, you’ll need to contact the individual credit bureaus. However, freezing your credit won’t only prevent hackers from opening accounts under your name, you won’t be able to either. You’ll need to contact the bureaus to unfreeze your account any time you want to apply for credit. So, be aware of this if you plan on doing so.
Oh, and regarding the passport numbers, the State Department says not to worry. Passport numbers on their own are basically useless.
Marriott Data Breach, Final Thoughts
Large data breaches like this are, alarmingly, becoming more common. But rather than panic when they happen, it’s beneficial to have a plan of action to protect yourself when they do happen. The steps I’ve listed above are a good starting point, for example. And, it’s good practice to use a credit card or charge card rather than a debit card to protect yourself against fraud loss too. That’s because credit and charge cards in the U.S. all have zero liability against fraudulent transactions. Debit cards, on the other hand, pull funds directly from your account. And, depending on your issuer, you may or may not be able to recover your funds.
Aside from the rewards, protection against fraud loss is a primary reason why I use credit and charge cards. In fact, it also why I believe it’s important to have more than one card. I mean, those of us in the points & miles game take things to an extreme, but it works. After all, as you’ll recall, I use my Marriott card exclusively for reimbursable expenses and Marriott purchases. But all other spend goes on to a variety of other cards. So if one or even a couple of my cards becomes compromised, it doesn’t have much of an impact on me.