Another day, another massive security breach. We consumers are pretty used to the news by now when we hear that another company has discovered a breach in their system that's exposed our personal information to hackers. While it's pretty easy to take that information in stride, it should be a reminder to be vigilant about our personal data and our credit card account information.
The latest breach comes courtesy of Marriott, which recently disclosed that half a billion guests' personal and financial information--including passport information for about 327 million and payment card information for some guests--had been vulnerable for four years.
The breach involved the Starwood guest reservation database, which includes the hotel brands W, Sheraton, Westin and Four Points, among others. While Starwood had acknowledged a breach involving an attack on cash registers on over 50 properties back in 2015, according to Krebs on Security, the attack on Starwood's payment systems didn't include its reservation database. This breach does include that system, meaning if you stayed at one of these hotels, your information was compromised.
For payment cards, this can be true too, even though the company used Advanced Encryption Standard for its encryption. This leverages two components for decrypting payment information, and Marriott said it doesn't know whether both of those components were stolen.
And much like other massive breaches, once you get past the incredibly large numbers of people affected by this attack--in this case, it's more than the entire population of the United States--you the company apology. "We deeply regret this incident happened," said Arne Sorenson, Marriott’s President and Chief Executive Officer, in a statement. "We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward."
In Marriott's case, it's got a dedicated website for the breach at info.starwoodhotels.com, and it plans to email its affected guests to alert them of the situation. The company is also giving American guests a free year of WebWatcher service, a monitoring site that alerts you if it finds your personal information on shady sites. WebWatcher also has a Fraud Loss Reimbursement benefit that covers you for up to $1 million in legal costs and expenses for one instance of your identity being stolen. The service includes unlimited consultation with a fraud specialist to help with identity protection and your legal rights with regards to identity theft.
This is yet another wakeup call that we need to be vigilant about our personal information, particularly credit card information, because criminals can move quickly and cause a lot of damage in a short amount of time.
It's vital to monitor your credit card statements regularly to make sure that there are no fraudulent charges on them. While monthly sounds like it would be good enough, if you use your card a lot, check it more frequently (this is also a decent way to help you budget).
The other key thing to do is check your credit report with the three credit bureaus--Equifax, Experian and TransUnion--to make sure that no new accounts have been opening in your name without your awareness. By law you can get a free credit report from each bureau once a year. Don't get them all at once; stagger them out every few months so that you can regularly check on your credit history.
Finally, turn on a credit freeze at the credit bureaus to prevent anyone from opening a new account in your name. This is free to do and could stave off a financial disaster.
While breaches make seem like ho-hum news these days, they are a good reminder to do what you can to protect yourself and your personal financial information, because even with the best security, thieves will find a way through it.