Marriott Data Breach

Dec 2018


It seems we all have become somewhat numb about data breaches. They happen so often that too many of us have a ho-hum attitude towards them. Unfortunately, you can’t afford to have that attitude because data breaches are serious and they can not only cause you a significant amount of aggravation, but also have financial implications. I bring this up as it was just announced that there has been a major data breach of the database of the Starwood reservation systems. The hack is reported to have affected 500 million guests at Marriott International Hotels and of the 500 million that were hacked, about 327 million of them, the information stolen includes name, credit card information, mailing address, phone numbers, email address, passport number, date of birth, gender and Starwood Preferred Guest account information. The hack is one of the largest in history and is one of the most significant considering the sensitive and personal information that was stolen. Marriott, who acquired Starwood Hotels and Resorts two year ago, is the largest hotel chain in the world with more than 6,700 hotels.

Marriott has started sending out emails to those affected and also announced that it will provide, free of charge, online account monitoring services for those affected for one year. Guests of Marriott who were affected by the breach should sign up for this service; however, that alone is not sufficient. There are other things that you need to do.

The first thing I would recommend is that if you have an account through Marriott such as Starwood Preferred Guest account, immediately change your password. In addition, you need to take the extra step of monitoring your Starwood Preferred Guest account for any unauthorized and suspicious activity. Although the data breach was just announced, it appears that there has been unauthorized access to the Starwood system since 2014.

Although we should all be constantly monitoring our charge card statements, all too often people don’t do it. If you were affected by this data breach it is more important than ever that you monitor the activity on your charge cards. Whether you sign up for alerts on your charge card or go online to review the activity, it is important that you do so. In addition, if you find that there has been suspicious activity on your charge card, you need to immediately notify the charge card company.

What typically happens after a major data breach is that the lowlifes will be sending out emails claiming they are from Marriott in an attempt to obtain information from you such as your passwords. In many of these emails they look very professional and you link to a bogus website claiming that they are working with Marriott. In reality this is just an attempt to obtain sensitive information from you. Do not fall for this. Yes, Marriott will send you an email; however, they are not going to ask for your password or other sensitive information. Therefore, if you get an email that is asking for your password, you know it is bogus and you ought to delete it immediately. Typically, when I receive an email that asks for information I do not link from that email, I will type the web address in the browser. However, even if it is a legitimate request, I am very leery about giving out sensitive information. My opinion is that they need to explain to me why they need the information before I’m going to provide it.

Data breaches and identify theft have become all too common in our society. Unfortunately, corporations such as Marriott and the government do not have the resources to truly protect us, and that is why it is important that we be proactive and protect our information. We are the last line of defense and we cannot depend on others to protect us. To learn more about data breaches and what you need to do to protect yourself, I recommend you visit the Federal Trade Commission website at They have a wealth of information that can help you prevent from being scammed and to limit the consequences if you are.

The reality of the situation is there is nothing that you can do to 100 percent protect yourself. However, by being proactive, constantly changing passwords and monitoring financial and credit card accounts, you can make it more difficult on the crooks and better protect yourself.

Good luck!



Rick is a fee-only financial advisor.  If you would like Rick to respond to your questions, please email Rick at