Marriott Data Breach of 500 Million SPG Guest

Share on facebook
Share on linkedin
Share on twitter
Share on email
Share on print

It doesn’t matter if you’re an enterprise company, small business or public institution. Security breaches like this undermine an organization’s trust with its customers/stakeholders. We need to be more proactive, not reactive. That being said, here’s what to do about the data breach.

Marriott Data Breach

Here’s What To Do About That Massive Data Breach

Up to 500 million guests of the hotel chain Marriott may have had their data stolen in a security breach, the company announced on Friday.

For some 327 million of those guests, the stolen information includes “some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences,” according to the chain.

The data breach, which involved a reservation database at Marriott’s Starwood unit, is unprecedented in size and scale.

I’m a Marriott customer. How will I know if I’m affected?

Marriott began sending out messages on a rolling basis to affected customers on Friday to the email addresses associated with compromised accounts. Check those email addresses regularly — and be aware that you may not receive notification immediately, as it takes time to send 500 million emails.

I got a notice that my account was effected. What should I do now?

Marriott says affected customers should monitor their accounts and bank statements for suspicious activity. More information can be found on its advice page for people affected by the breach.

It also warned of the risk that hackers could use information exposed by the data breach news to mount “phishing” attacks, in which people are pretending to be someone they’re not trick you into giving them other valuable information, like credit card numbers.

Marriott said breach notification emails would only come from the address “,” and that those emails would not contain attachments or requests for personal information, including passwords.

It would also be wise for you to change any passwords for other services that you know to be the same as the one you used for Marriott accounts.

Marriott Data Breached

What else do I need to know?

Yes. As part of its response to the data breach, Marriott has set up a way for all guests to sign up to WebWatcher for free for one year. That site alerts you if your personal information is being shared on dodgy websites. U.S. users will also be eligible for compensation through the site if money is lost.

However, it’s not clear whether that compensation will apply to misuses of data that might occur after a year is up, or whether non-U.S. citizens will be able to obtain payment.

Are there any more significant steps I can take?

That depends on your rights.

In the U.S., data protection law varies state by state. But if you believe you have suffered because of the breach, you should contact the Federal Trade Commission (FTC) and the Attorney General of your state. You should also file a police report if you believe crimes have been committed.

On the FTC website, you can file a complaint against a company and report identity theft.

These measures may be a useful first step in proving your case if a class action lawsuit is set up in the future. A police report will also be helpful evidence to provide to correct your credit score if it suffers because of the breach.

What if I live in the European Union?

If you are an E.U. citizen, you benefit from the new General Data Protection Regulation (GDPR), which came into force earlier this year. If your data has been stolen and you suffer financial loss or distress because of it, you may have the right to compensation.

The first step towards claiming that compensation is to contact the company outlining your case, including losses suffered, and requesting payment.

You should also contact your country’s data regulator, which Marriott has helpfully listed on its website. Scroll to the bottom, click the “More information on steps you can take” tab, then click “Additional information for EU data subjects.”

That regulator will be able to advise you whether your claim has merit and whether they believe your information has been compromised. That advice could be helpful later in court, or as part of a future class action lawsuit.

How about elsewhere?

If you live outside the U.S. or E.U., you should do some research into what rights your jurisdiction gives you over your data, and see if your country has a data protection authority you can contact.

Marriott also said it would set up a call center to answer questions in multiple languages. Information on that can be found on its help site.

Other News Articles:

CNN: Marriott reveals data breach of 500 million Starwood guests

NBC: Marriott says breach of Starwood guest database compromised info of up to 500 million POLITICO: Marriott says hackers compromised 500 million guests’ data

WASHINGTON POST: Marriott discloses massive data breach affecting up to 500 million guests

USA TODAY: Marriott says as many as 500 million Starwood guests data may have been breached


Marriott reveals data breach of 500 million Starwood ….

Students start to understand their loans through seminar ….

New story in Technology from Time: Stayed at a Marriott ….

Marriott Data Breach: What Customers Should Do Now | Time.

Marriott says as many as 500 million Starwood guests data ….

Stay informed on recent news, giveaways and travel reward articles by signing up for our monthly newsletter.

Kelly Kathryn

Kelly Kathryn

Leave a Replay

Are You Ready To Check-In?

This is where you come to find everything you want to know about travel rewards, tips and insider tips.  Don’t forget to sign up for our weekly news letter where we announce the winners to our monthly raffle.  

Recent Posts

Follow Us

This error message is only visible to WordPress admins

Error: The account for ready_to_check_in needs to be reconnected.
Due to recent Instagram platform changes this Instagram account needs to be reconnected in order to continue updating. Reconnect on plugin Settings page


Play Video

Sign up for our Newsletter

For more articles like this subscribe to our newsletter.  

Stay Checked-In And Subscribe To Our Mailing List

You have successfully subscribed to our mail list.

Too many subscribe attempts for this email address.