The Marriott hotel chain confirmed that it has suffered yet another data breach, this one at its BWI Airport Marriott Hotel in Maryland with between 300 and 400 guests at the hotel having their credit card information stolen along with personal information of the hotels employees as well.
Marriott has had a bad history with data breaches. I reported to you in December of 2018 when Marriott announced that it had suffered a major data breach involving its Starwood guest reservation database. Starwood is a group of hotels bought by Marriott in 2016 and includes such well known hotel chains as the St. Regis, Westin, Sheraton and W Hotels. While the data breach was discovered in early September of 2018 by Marriott, the data breach had been ongoing since 2014. Some estimates are that the total number of people affected by the data breach is an astounding 500 million. Of those people 327 million had personal information including names, phone numbers, email addresses, and birth dates stolen. Millions more also had credit card information compromised.
A class action was filed on behalf of affected customers and last May a federal judge certified the class so that the case is now proceeding. I will keep you informed as to the progress of the class action at this time. You don’t need to do anything to be covered in the class action although you can choose to opt out and sue individually although this rarely, if ever makes sense for individual consumers
This is also a good time to remind you that the laws that protect you from liability for fraudulent credit card use are much stronger than the laws that protect you if your debit card is fraudulently used. You should not use your debit card for anything other than an ATM card. Cybercriminals also use the information gathered in data breaches such as this to form the basis of scams that start with spear phishing emails which are emails specifically tailored with information about you and your interests. These spear phishing emails will attempt to lure you into either providing personal information that can be used to make you a victim of identity theft or to click on links containing harmful malware. Everyone should be skeptical of any email asking for personal information or prompting you to click on a link. Never provide such information or click on links until you have confirmed that the email is legitimate.
This also is a good time for you to freeze your credit reports if you have not already done so. Freezing and unfreezing your credit reports is still the best single act you can do to protect yourself from becoming an identity theft victim.
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”