It is reported that a division of Marriotts International - Starwood - has been compromised possibly since 2014. 500 million records covering guests staying at W Hotels, Sheraton, Le Meridian and Four Points by Sheraton are known to have been compromised. Compromised data appears to cover name, address information, email address, date of Birth, gender and passport information.
Another week, and another data breach....this time a whopping 500 million personal data records of clients staying at some popular Sheraton International Hotels have been compromised.
Internal investigations at Sheraton have found that attackers have been able to access the Starwood Reservation Database since 2014, and that highly personal information may have been downloaded that will include all personal name, addresses, email addresses, passport, gender and details of the hotel stay.
If you stayed at any of the Hotels covered by this database - W Hotels, Sheraton, Le Meridian and Four Points by Sheraton - then you should be involved and concerned that your personal data is now on the dark web. Marriott are already emailing people who they think are affected, but it assumes that they have your current email address.
Our advice is to do a search of your emails to see if you did stay at any of these locations since 2014, and if so, assume that your information is now being traded.
The ICO (Information Commissioners Office) are investigating, and potentially there will be significant fines involved because of GDPR.
Marriotts have offered a free 12 month subscription to Webwatcher - an internet tracking system to spot unauthorised use of your personal details - so sign up for free (even if you are not completely sure that you are a Marriotts customer, but may have been)
Enroll on this web site - https://answers.kroll.co.uk/
Marriots also are providing a dedicated call centre as well where you can check to see if you might be involved
As with all hacks, once the data has gone, it is important to consider the potential uses - keep an eye on your credit cards, bank accounts and other transactions like finance applications that could be being put in your name by cyber criminals to commit fraud. Do not ignore any communications for credit agreements that you know nothing about.
One way of protecting yourself is to use a secure password and identity manager - there are a number around like "Dashlane" which assist in managing different complex passwords for all your internet sites, and the ability to change them quickly in the event of a hack.
Marriott appear to have taken the right steps to deal with this event under GDPR, but that will not protect them from a potentially eyewatering fine, it will be higher because gender information was involved, but more importantly, damage to the Marriott brand will be significant because people will not trust them to handle their personal information securely.
If you have any concerns or want to check that your IT systems are cybersecure, please speak to one of our professionals at CIS Ltd. email email@example.com