500 million Marriott customers have had their data hacked. Here's what you should do instead of freaking out
- About 500 million people have had their data hacked after staying at Marriott brands including W, Sheraton, and Westin, the company said on Friday.
- A breach in the Starwood guest-authorization database meant that millions of people had a combination of their name, address, passport number, date of birth, and other information stolen, the company said. An unspecified number of people also had their credit-card information taken, though it was encrypted.
- Data breaches are becoming our new normal, so it's more important than ever to stay on top of your money with secure passwords and consistent monitoring.
- One solution, according to many experts, is freezing your credit, but that won't protect against the most common type of identity theft.
About 500 million people have had their data hacked after staying at Marriott brands including W, Sheraton, and Westin, the company said on Friday.
For about 367 million of those affected, Marriott said, the information taken includes some combination of their name, mailing address, phone number, email address, passport number, date of birth, gender, and other information around their Starwood account, reported Business Insider's Sinéad Baker. An unspecified number of people had their credit-card information taken.
Marriott said the unauthorized access had been going on since 2014 and that the breach affected customers who made bookings on or before September 10.
In 2017, Equifax, one of the three credit reporting agencies in the US, was compromised, potentially exposing the Social Security numbers, credit card numbers, and other personal information of nearly 150 million Americans. The breach rightly upset many people, in part because Equifax's chief financial officer and two other senior executives dumped almost $2 million of Equifax stock once they learned about the hack.
Unfortunately, data breaches are nothing new, and they aren't going away. In fact, between January 2017 and April 2018, at least 16 separate security breaches occurred at US retailers, reported Business Insider's Mary Hanbury and Dennis Green.
Keeping our money online is convenient and easy, except in instances like this. But you still shouldn't freak out.
As Business Insider's resident financial planner Lauren Lyons Cole pointed out in an article on the Equifax breach, "Even when we take all kinds of steps to protect ourselves online, our best-laid plans can still result in financial foibles - whether as a result of our own error or a giant financial company's."
"The only thing we can do is try to protect our data as best we can, and respond quickly if something does happen," she continued. "You'll be okay, I promise."
Here are Lyons-Cole's tips for protecting your data online.
1. Find out if you've even been compromised.
The AP reported that Marriott will send email notifications to those affected starting Friday.
2. Use secure passwords on all of your accounts, including your online shopping accounts.
This is like eating your vegetables: You know you should do it, but it's not fun and you'd rather not. I get it. But any data security expert will tell you secure passwords are a necessity. Every site you use should have a different password, and it shouldn't be easy to guess.
Keeping track of a random string of 15 letters and numbers is basically impossible, so I use LastPass to generate and save all my online passwords. Hopefully, they don't get hacked, but at least it's better than storing all my login info on the notepad app on my iPhone.
3. Understand how to freeze your credit, but don't do it quite yet.
Freezing your credit protects against new accounts being opened in your name - one of the rarest types of identity theft out there, affecting only 4% of victims, according to the most recent Bureau of Justice Statistics data.
The vast majority of identity theft victims - 86% in 2014 - have problems with a current account, such as a credit card or bank account, according to BJS data. Freezing your credit won't prevent that type of crime.
If securing your passwords seems like too big a lift, then freezing your credit or even setting up a fraud alert to protect against the chance of identity theft will definitely give you a headache.
Setting up a fraud alert only requires calling one of the credit agencies, but you're going to have make copies of and mail in many important documents to put it in place.
Freezing your credit means dealing with customer service agents at all three credit bureaus - Equifax, TransUnion and Experian - and keeping track of a unique pin number that you're going to need anytime you want to open a new account or move to a new apartment. Make sure you fully understand how it works (the Federal Trade Commission has a nice breakdown) before you start the process.
One caveat: If your identity has actually been compromised - as in, someone tried to open a fraudulent account in your name - then this is an important step to take.
4. Monitor your money regularly - even if you haven't been compromised.
I use Mint.com to quickly check all of my financial accounts every morning, just like I check email and Instagram. This came in handy both times my credit card was stolen. I was able to identify the pending charges before they even cleared my account, and American Express overnighted me a new card immediately. It was a little annoying, but not that big of a deal. I know people who have experienced far more serious identity theft, and managed to resolve the issue by identifying it and acting quickly.
If you have been compromised, this becomes even more essential. You can monitor your credit for free with a service like CreditKarma by selecting to be notified when a new account is opened under "Communications and Monitoring" in the profile settings.
For those affected by the Marriott breach, the company says it will pay for guests to sign up for a year-long membership for WebWatcher software, which monitors where your personal information is shared online.
5. Optimize your money management and credit usage.
A breach like this is a good reminder to check your credit score, pull your credit report, and review the way you're currently managing your money. There may be things you can do to improve your credit score, fix any errors on your credit report, and optimize your current collection of credit cards.
Considering data breaches are more or less our new normal, the only thing we can really do is the one thing we should be doing anyway: Stay on top of your money, and fix any issues as soon as you can. No one is going to be more interested in your financial situation than you are. Not even a hacker.
6. File your taxes early.
The IRS is cracking down on tax fraud, but there could be an uptick after a data breach of this size. Get your tax information organized early, and submit your return as soon as you receive your W-2 and 1099 forms. Added benefit: If you're due a refund, you'll get it sooner, and if you owe taxes, the amount isn't due until April 15 regardless of when you submit your return.
- Read more:
- Here's how to check if you were one of the 500 million customers affected by the Marriott Hack
- 500 million Marriott customers have had their data hacked after staying at hotels including W, Sheraton, and Westin