Yesterday the hotel chain Marriott announced that it had suffered a major data breach involving its Starwood guest reservation database. Starwood is a group of hotels bought by Mariott in 2016 and includes such well known hotel chains as the St. Regis, Westin, Sheraton and W Hotels. While the data breach was discovered in early September by Mariott, the data breach had been ongoing since 2014. Present estimates are that the total number of people affected by the data breach is an astounding 500 million. Of those people 327 million had personal information including names, phone numbers, email addresses, and birth dates stolen. Millions more also had credit card information compromised. Marriott and law enforcement authorities are investigating the matter. Marriott is sending emails to affected guests.

Marriott has set up a website with updated information about the website. If you had stayed at a Starwood hotel between 2014 until now you should check out the website for more information. Here is the link:

Marriott is offering Internet monitoring services at no charge for a year through WebWatcher to people affected by the data breach. Go to the website indicated above for information about enrolling in the program if you were a Starwood customer during the time of the data breach.

If you were affected directly by this data breach, your credit card may be used for fraudulent purposes so you should monitor your credit card statements regularly and often.  This is also a good time to remind you that the laws that protect you from liability for fraudulent credit card use are much stronger than the laws that protect you if your debit card is fraudulently used. You should not use your debit card for anything other than an ATM card. Cybercriminals also use the information gathered in data breaches such as this to form the basis of scams that start with spear phishing emails which are emails specifically tailored with information about you and your interests. These spear phishing emails will attempt to lure you into either providing personal information that can be used to make you a victim of identity theft or to click on links containing harmful malware. Everyone should be skeptical of any email asking for personal information or prompting you to click on a link. Never provide such information or click on links until you have confirmed that the email is legitimate.

This also is a good time for you to freeze your credit reports if you have not already done so. Freezing and unfreezing your credit reports is still the best single act you can do to protect yourself from becoming an identity theft victim and since federal legislation went into effect in September, you can freeze and unfreeze your credit reports for free.

If you are not a subscriber to and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of and click on the tab that states “Sign up for this blog.”