In the News: The Marriott data breach and what consumers should expect
Chris Simmons, professor of computer science and software engineering, shares his insight into the recent Marriott data breach and what consumers should expect.
Chris Simmons
Read Simmons' column on moneyinc.com
Not long after the Equifax data breach scandal in 2017 comes yet another massive and costly digital hack, one that stole the private information of almost 500 million guests of Starwood Hotels and Resorts Worldwide, a company acquired by Marriott International in 2016.
Marriott is now facing a lot of criticism after confirming that there has been ‘unauthorized access’ to the Starwood network, the reservation database of the hotel. Some 327 million records were stolen, including guests’ names, postal addresses, genders, dates of birth, phone numbers, email addresses and passport numbers.
The resort and hotel giant said in a statement that the ‘unauthorized access’ was discovered on or before September 10th of this year, but may date back to 2014. This provides evidence that Marriott International acquired Starwood Hotels and Resorts Worldwide despite Starwood’s acknowledgement of a massive credit card breach in 2014.
How it Happened
According to Marriott’s investigation, an unauthorized party had copied and encrypted guests’ information from the database. The hackers accessed the passport numbers and some ‘scrambled’ payment card details of guests. Some private investigators claim that the attack, with its hacking tools and procedures, can be traced and attributed to Chinese hackers, but Marriott has stated they ‘have nothing to share’ when asked about the involvement of Chinese hackers.
Stricter Consumer Privacy Regulation by 2020
In June 2018, the California state legislature passed a new bill called the California Consumer Privacy Act (CCPA) of 2018. The bill states that by 2020, companies that collect customers’ personal information are required to reveal exactly what data they have and what they use it for. Moreover, it gives consumers the ability to demand that companies delete all personal information and to prevent this data from being sold to third parties.
The particulars of the CCPA, if it were in effect today, would provide the ability for consumers to hold Marriott liable for damages in a court action associated with this data breach.
What Victims Can Do
If you’ve stayed in a Marriott hotel in recent years, you’re probably one of those affected by the data breach. Stay calm, because there are things you can do.
1. Watch out for scams. Marriott is sending emails to people who might be affected, but be careful of scams. After a major breach, scammers generally take advantage of the situation by phishing for additional personal information, sending out fake emails and creating websites that look similar to Marriott’s. Always check the email address and confirm its legitimacy from Marriott’s website.
2. Change your password. Make sure to change your password to protect your account. Use a unique password for every service you use.
3. Sign Up for WebWatcher. Marriott set up a website for people affected by the data breach. The company has also dedicated a call center hotline you can reach to get answers to your questions and other concerns. That number is 877-273-9481 in the United States.
4. Track Your Credit. Check your credit card statement for charges that you do not recognize or that are fraudulent. If there are any fraudulent charges, contact your credit card company or bank immediately and request a new card.
5. Track Your Credit. Check your credit report and enable alerts or notifications so that you know if something new happens to your account. It’s best to check every change in your credit to see if something’s not right. Freeze your accounts altogether if you see unauthorized transactions.
In light of this incident, consumers must be extra careful when providing personal information, especially credit card and passport numbers. Companies, whether big or small, must also invest in more stringent security solutions to detect and prevent data breach incidents such as this.