I first reported to you last December when the Marriott hotel chain announced that it had suffered a major data breach involving its Starwood guest reservation database. Starwood is a group of hotels bought by Mariott in 2016 and includes such well known hotel chains as the St. Regis, Westin, Sheraton and W Hotels. While the data breach was discovered in early September of 2018 by Mariott, the data breach had been ongoing since 2014. Present estimates are that the total number of people affected by the data breach is an astounding 500 million. Of those people 327 million had personal information including names, phone numbers, email addresses, and birth dates stolen. Millions more also had credit card information compromised. Marriott and law enforcement authorities are investigating the matter. Marriott is also sending emails to affected guests.
Since December multiple class actions have been filed on behalf of affected customers. Generally the way these matters progress is that the courts will consolidate multiple class actions into a single or just a few class actions representing all affected customers who do not choose to opt out of the lawsuit and pursue their own individual legal action. I will keep you informed as to the progress of these lawsuits and the courts actions related to them. You don’t need to do anything to be covered in the class action although you can choose to opt out and sue individually although this rarely, if ever makes sense for individual consumers
Marriott has set up a website with updated information about the website. If you had stayed at a Starwood hotel between 2014 until now you should check out the website for more information. Here is the link: https://answers.kroll.com/
Marriott is offering Internet monitoring services at no charge for a year through WebWatcher to people affected by the data breach. Go to the website indicated above for information about enrolling in the program if you were a Starwood customer during the time of the data breach.
If you were affected directly by this data breach, your credit card may be used for fraudulent purposes so you should monitor your credit card statements regularly, although if the recent disclosure of the hacking being done by Chinese operatives for intelligence gathering purposes, the threat of credit card fraud is somewhat diminished. However, regular credit card monitoring is something that we all should be doing. This is also a good time to remind you that the laws that protect you from liability for fraudulent credit card use are much stronger than the laws that protect you if your debit card is fraudulently used. You should not use your debit card for anything other than an ATM card. Cybercriminals also use the information gathered in data breaches such as this to form the basis of scams that start with spear phishing emails which are emails specifically tailored with information about you and your interests. These spear phishing emails will attempt to lure you into either providing personal information that can be used to make you a victim of identity theft or to click on links containing harmful malware. Everyone should be skeptical of any email asking for personal information or prompting you to click on a link. Never provide such information or click on links until you have confirmed that the email is legitimate.
This also is a good time for you to freeze your credit reports if you have not already done so. Freezing and unfreezing your credit reports is still the best single act you can do to protect yourself from becoming an identity theft victim and since federal legislation went into effect in September of 2018, you can freeze and unfreeze your credit reports for free.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”