What to Know About Navigating Marriott’s Massive Data Breach

by Jessica Montevago
What to Know About Navigating Marriott’s Massive Data Breach

After the data breach, Marriott has committed to pay for new passports for the as many as 327 million travelers impacted. Photo: Augustine Bin Jumat / Shutterstock.com.

Marriott International is dealing with the fallout after revealing a massive data breach affecting hundreds of millions of customers who stayed at Starwood-branded properties between 2014 and September 10, 2018.

The scope of the hack is one of the largest in the industry. Many are asking how it could have gone undetected for so long.

The world’s largest hospitality company put into place several initiatives for customers whose personal information, including name, date of birth, and address, has been stolen. A dedicated website (info.starwoodhotels.com) and call center have been established to field questions about the incident.

Marriott announced Tuesday it will pay for new passports, with as many as 327 million traveler’s passport numbers exposed in the breach.

“As it relates to passports and potential fraud, we are setting up a process to work with our guests who believe that they have experienced fraud as a result of their passports being involved in this incident,” a Marriott spokesman told MarketWatch. “If, through that process, we determine that fraud has taken place, then the company will reimburse guests for the costs associated with getting a new passport.”

The expenditures for Marriott will continue, as it will likely have to “invest very heavily in improved detection and response-based technologies, such as deception-based solutions, endpoint detection and response, software-defined segmentation, and behavior analytics,” predicts Nick Wyatt, head of tourism at GlobalData, a leading data and analytics company, to prevent such an event from happening again.

Marriott’s woes continue
The trouble for Marriott doesn’t end there. Some of the activity appeared to happen after Europe put into place General Data Protection Regulation (GDPR,) in May 2018, which boosted fines for violations of some types of data security.

In addition, a class-action lawsuit has been filed against Marriott. Murphy, Falcon & Murphy, with their co-counsel Morgan & Morgan, allege that the hotel chain "failed to ensure the integrity of its servers and to properly safeguard consumers' highly sensitive and confidential information." The suit does not disclose how much they are seeking in damages.

Bernstein Liebhard, LLP filed a securities class action lawsuit on Monday, and seeks to recover Marriott shareholders' investment losses.

On Friday, the New York attorney general’s office said it would open an investigation into the breach.

The latest incident has lawmakers calling for stricter laws for companies that do not adequately protect their customers’ personal data. “We must set clear customer data protection standards for all companies — whether they’re hotel chains, online retailers, or big tech — and severe penalties for those who fall short,” Sen. Richard Blumenthal, a Democrat from Connecticut, tweeted. Sen. Mark Warner of Virginia and Sen. Ed Markey of Massachusetts said Congress needs to set hard limits on how much customer data U.S. companies are allowed to store.

What to do if you suspect fraud
If you or your clients suspect they might be a victim of a data breach and fraud, here are some steps you can recommend:

1. Check your accounts for fraudulent activity. It seems obvious, but must people don’t thoroughly check their credit card bill.

2. Enroll in identity theft monitoring software to ensure your personal data is not being used. Marriott is offering guests a free year with WebWatcher, which alerts customers if their personal information is shared on internet sites.

3. To protect against someone opening new credit accounts in your name, issue a security freeze (also known as the credit freeze), to prevent new credit from being issued without your direct permission.

4. With passport numbers part of the personal information that was stolen by hackers, it may be a good idea to apply for a new one. With your passport number, name, and date of birth, anyone can apply for a new passport by reporting the existing one stolen and use it as a proof of identity to open a new bank account or access an existing one.

5. Keep in mind that once you report your passport as potentially compromised, it will immediately become invalid and cannot be used for international travel.

6. Regularly order free copies of your credit file from a service like annualcreditreport.com to make sure that no one is impacting your credit.

Tip of the Day
The professional travel advisor’s job is to equip the traveler with the necessary information to enable a good decision that will reflect that person’s own risk tolerance.
Paul Ruden
Daily Top List

Most Powerful Passports in the World

1. United Arab Emirates

2. Singapore

3. Germany

4. Denmark

5. Sweden

Source: Passport Index


How Will You Give Back This Year?

Learn from travel advisors who are positively impacting tourism through their sustainable travel efforts and empowering their clients to do the same. 

TMR Recommendations
Top Stories
Worldview Tours Suddenly Ceases Operations
Worldview Tours Suddenly Ceases Operations

After 40 years of doing business on the up-and-up, it was a shock to those who had worked with the company to see it go under.

Anchorage Assesses Damage After Powerful Quake
Anchorage Assesses Damage After Powerful Quake

The scenic Glenn Highway was the hardest hit during the 7.0 magnitude earthquake on Friday.

Marriott: 500 Million Starwood Guests Could Be Affected in Data Hack
Marriott: 500 Million Starwood Guests Could Be Affected in Data Hack

The Starwood guest reservation database was breached at brands including W Hotels, Sheraton and Westin.

St. Regis Opens First Canadian Hotel as New Toronto Location Debuts
St. Regis Opens First Canadian Hotel as New Toronto Location Debuts

Along with its luxurious accommodations and amenities, the five-star hotel offers its guests the hotelier’s hallmark butler service and its evening champagne sabering ritual.

USTOA Conference Celebrates Transformative Travel
USTOA Conference Celebrates Transformative Travel

The organization’s chairman talked about how travel is an important way to unite people, across cultures and borders, to create meaningful connections and to spark mutual understanding.

Hyatt Joins Other Hoteliers, Cuts Group Commission Rate
Hyatt Joins Other Hoteliers, Cuts Group Commission Rate

With four major hotel companies adopting similar policies, meeting planners will likely be forced to mark up fares to cover the loss in commission or charge clients a higher service fee.

News Briefs
TMR Report Cards & Outlooks
Advertiser's Voice
Advertiser's Voice: Tauck