Marriott Data Breach: How MD Consumers Can Protect Their Info

BALTIMORE, MD — Maryland's attorney general is looking into a data breach that exposed 500 million customers of Bethesda-based Marriott, and reminding consumers what they can do if their data was hacked. Personal information that may have been compromised includes name, mailing address, phone number, email address, passport number, date of birth, and gender, along with payment card numbers and payment card expiration dates, says the office of Attorney General Brian Frosh.

Marriott said Friday that a data breach involving the Starwood Guest Reservation database had compromised the information of as many as 500 million customers. An internal security tool on Sept. 8 alerted the company to an attempt to access the guest reservation database in the United States. The company's information found that there had been unauthorized access to the Starwood network since 2014.

“The Marriott data breach is one of the largest and most alarming we’ve seen. My office will be
taking a hard look at Marriott’s actions to understand the circumstances that led to the breach,”
Frosh said in a news release. “We will also be working with the company to make sure all
customers who may have been impacted are notified and provided the resources to protect their
personal information. We will be closely monitoring the company’s response to ensure that
consumers are protected while we continue to investigate the data breach. I strongly urge
consumers to take active and necessary steps to prevent any misuse of their information.”

Marriott has set up a website and call center available in multiple languages to help consumers who may have been affected at info.starwoodhotels.com. The company will also notify via email those consumers whose email was in the Starwood guest reservation database.

(For more news like this, find your local Patch here. If you have an iPhone, click here to get the free Patch iPhone app; download the free Patch Android app here. And like Patch on Facebook!)

Consumers who may have been affected by the breach should:

• Check your credit reports from all three of the major credit reporting agencies: Equifax, Experian, and TransUnion. Reports can be obtained for free by visiting www.annualcreditreport.com. Unrecognizable accounts or activity could indicate identity theft.
• Under Maryland and federal law, you are entitled to two free credit reports from each of the Credit Reporting Agencies each year. Go to www.annualcreditreport.comor call 1-877-322-8228 to access your report through the federal Fair Credit Reporting Act. You must contact each of the three Credit Reporting Agencies individually to access your credit report under Maryland law: Equifax: 1-800-685-1111; Experian: 1-888-397-3742; TransUnion: 1-800-680-7289.
• Place a credit freeze on your files. A credit freeze makes it harder for someone to open a new account in your name. Keep in mind that credit freezes must be obtained from each of the credit reporting agencies. A credit freeze won’t prevent a thief from making charges to your existing accounts, such as debit and credit cards. Parents or guardians of minor children may also place a credit freeze on behalf of their child. For more information on how to obtain a credit freeze, visit the Maryland attorney general's office website.
• Monitor your existing credit card and bank accounts closely for changes you do not recognize.

"The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it," Marriott said in a statement. "On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database."

The company said it believes the database contains information on up to 500 million guests that made a reservation on a Starwood property. However, the company said it had not finished identifying duplicate information.

"We deeply regret this incident happened," Arne Sorenson, Marriott's President and CEO, said in a statement. "We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward."

Image via Shutterstock