Marriott Data Breach: What Should You Do?

Last week, one of the largest hotel chains in the world, Marriott International, Inc., announced that a massive data breach of its Starwood reservation system exposed the personal information of up to 500 million guests. Those who stayed at the chain’s Starwood brand hotels from 2014 through September 10, 2018 are affected. That’s four long years of data theft before the hackers were detected.

This is the fourth massive U.S. data breach since 2013, including Yahoo (3 billion accounts), Equifax (147 million consumers) and Target (40 million customers). The Marriott break-in not only exposed names, addresses, phone numbers, email addresses and credit card information, but rarer data too, including birth dates, gender and passport information from international guests.

While its credit card information was encrypted, Marriott indicated it’s possible that the hackers were able to steal the encryption keys, rendering the credit card data encryption worthless.

What’s Marriott doing for its guests?

Marriott has already set up an information page for the Starwood Guest Reservation Database Security Incident. On the page they briefly explain the breach’s timeline and what data is involved. Marriott stated that among other actions, it’s working to quickly phase out the old Starwood reservation system. Marriott indicated that they started sending notification emails to affected guests last week. It will take a while to notify everyone. If you’re affected, Marriott has established a dedicated call center and they’ve arranged for affected guests to be able to enroll in Kroll’s Web Watcher fraud monitoring. It’s free for one year, but only available to customers in the U.S. Canada and the U.K.

What should Marriott customers affected by the breach do for themselves?

Check that any notification email received from Marriott is legitimate: With a breach this large there’s little doubt that malicious hackers will try to scam Marriott customers with phishing and other fraudulent schemes to harvest their personal information. Marriott’s email notification won’t contain attachments or requests for any information. Its links will solely bring affected guests to the Starwood Guest Reservation Database Security Incident page.

Sign up for Web Watcher: There’s no reason not to sign up for the free year of Web Watcher fraud monitoring, if it’s offered in your country of residence. Click on your country on the right side of the “Security Incident” page to get the “Enroll Now” link.
More from Travelers United: Make airlines liable for airline IT failures

Consider freezing your credit: You can freeze your credit for free. It will prevent anyone from opening a new account, taking out a loan, or obtaining a new credit card in your name. Freezing your credit won’t damage your credit score. You’ve got to freeze your credit at all three credit bureaus for it to be effective, so contact Experian, Equifax, and TransUnion. If you find you need to take out a loan or get a new credit card yourself, you can lift the freeze for a limited time or for a particular entity.

What should every traveler do whether or not they’re affected by the Marriott breach?

Get a password manager: A password manager can create, store and automatically fill in your passwords along with other login information. You can store them for accessing websites, online accounts, etc.

Change your Marriott password: If you have both Marriott and Starwood accounts, it’s time to combine them into one account, then change your password.

Set a strong password and make it at least twelve digits long. According to How Secure Is My Password, using an eight digit password with at least one small and one capital letter, a symbol and a number would take a computer just four weeks to crack. If you just add four extra numbers, twelve digits total, it would take about 3 million years to crack that password.

You should use a different password for every website and account. Since you’re hopefully now using a password manager, that’s easy to accomplish, as is changing your passwords regularly.

Edit your Marriott profile: Put only the required information in your profile. Remove any other information. If your profile is breached, only the information there can be stolen.
Credit and debit cards are optional in Marriott profiles. If you enter a card for your convenience, make it a credit card. They have more consumer protection than debit cards. When you get to your hotel you can pay with almost any card, regardless of your profile.

Monitor your Marriott/SPG account and all financial accounts: You should always monitor all your financial accounts, looking for unauthorized activity and incorrect information.

User Responsibility: While extremely easy to use and convenient, online information storage and transactions make our personal and financial information vulnerable to criminal activities. It’s up to each one of us to take prudent measures to protect our identity and finances to the extent possible. The commonsense approach and actions outlined above for your Marriott account should be applied to all your online accounts for your personal and financial protection.

DISCLAIMER: This article is not intended to be legal advice. The article simply serves as a suggestion of possible actions for those who may have been affected by the Marriott Data Breach.

Top 12 New Fruits and Vegetables Developed in Israel

Nano watermelons in the Jerusalem Market, Mahane Yehuda.

Nano watermelons in the Jerusalem Market, Mahane Yehuda.

Since the first half of the 20th century, Israeli agricultural wizards have been partnering with Mother Nature to bring new fruit and vegetable varieties to the global market, from vividly colored squash to seedless peppers.

Touchpoint Israel provides an interesting article on new fruits and vegetables developed in Israel. Read more

If you want to buy a shofar …

Blowing the shofar on Rosh HaShanah 2016. Photo: open source Wikimedia Commons.

Blowing the shofar on Rosh HaShanah 2016. Photo: open source Wikimedia Commons.

Many of our participants want to buy a shofar (ram’s horn) as a souvenir of their visit to Israel. Whether you intend to actually blow the shofar or simply display it in your home/office, this article “4 Shofar types: How to choose the perfect shofar?” may help you make a better decision on what to purchase.

 

 

The Shofar Factory

Many of our travelers purchase a shofar as a gift for someone special or simply as a personal souvenir of their trip to Israel. Below is an interesting video showing the process of transforming a horn into a shofar.

Israel will release new banknotes

Israeli notes that will be changed in 2013 and 2014.

Globes, a leading Israeli online business news site, reports that the Bank of Israel plans to begin releasing newly designed banknotes in mid-2013.

The new design, which includes a red 20 shekels note, a green 50 shekels note, an orange 100 shekels note, and a blue 200 shekels note, will have new portraits and improved security measures. Another change that is intended to assist the vision impaired is a variation in the size of each of the notes.

The first release (mid 2013) will include the 50 and 200 shekels notes, with the 20 and 100 shekels notes to follow in early 2014. There is no indication that coins will be redesigned.

Since most vendors accept US dollars, these changes should not have any serious impact on tourists.