If you are a Starwood hotels rewards club member, any of your personal information stored in their database may have just been hacked. Marriott, who purchased the Starwood hotel brands in 2016 making them the largest hotel chain in the world, has just released information about a breach in the security of their reservation system.

Starwood hotels is a conglomeration of several hotels including W Hotels, Sheraton, Westin, St. Regis, The Luxury Collection, Four Points, Aloft, Element, and Le Meridien as well as other Starwood properties. So far, the data breach has only been discovered in the Starwood brands of Marriott.

What happened?

Marriott hasn’t released many details about the breach. On September 8th, one of Marriott’s internal security checks discovered the breach in the Starwood reservation system. Hiring a team of cyber-security experts, they found that the hackers have been accessing information from their database since as early as 2014. Potentially, over 500 million individuals could be affected by the breach. So far, 327 million guest’s personal information has been confirmed as compromised. As information is compiled, this hack could end up being one of the biggest in history. Attorney generals from both Maryland, where Marriott’s headquarters is based, and New York are launching investigations to determine how widespread the implications of this cyber-attack will be.

What information was compromised?

Any information that Starwood collected and saved about their customers from the past four years is at risk including:

  • mailing addresses
  • phone number
  • email addresses
  • credit card information
  • passport number
  • gender
  • date of birth
  • travel plans
  • length of stay
  • airline information

How is all this information beneficial to hackers?

That’s one of the scariest parts. The motivations behind cyber-attacks can vary. Since the identity of the hacker is unknown, the implications of the stolen information are yet to be realized. Unfortunately, there is a black market for different types of personal information. Obviously, credit card numbers are used to make fraudulent purchases. But, some of the other personal information can be even more damaging.

  • Mailing addresses can put you at risk in the security of your own home.
  • E-mail addresses can be sold and used for phishing scams.
  • Passports can be duplicated if the numbers are compromised.
  • Any top-secret travel plan information would be at risk of falling into the wrong hands.

Who is at risk?

If you stayed at a Starwood hotel in the past four years, your information could be at risk. You are also at risk if you are a Starwood hotel rewards member. While Marriott cannot confirm that all the information was stolen, they are aware of information that has been copied including credit card details. Credit card numbers are encrypted in the database. However, the decoding information is also in the database making it possible for the numbers to be deciphered and used. Anyone who has personal information in any Starwood hotels or properties is at risk.

What is Marriott’s response?

Marriott has formally apologized to its customers and assured them that they are doing everything possible to find out exactly what happened. They are contacting any of their affected guest’s via email. They are also putting other security measures into place to prevent any future infiltration. A dedicated website and specified phone number has been created for anyone who believes that they may be affected. Marriott assured their guests that they will work side-by-side with law enforcement officials and security analysts to ascertain exactly what happened and make sure it doesn’t happen again.

What you should do if you think that your information is at risk.

  • Log in to your Starwood account and change your password. Also, remove any personal information that isn’t necessary.
  • Make sure your Starwood rewards account is set up to alert you anytime there is activity with your account.
  • Check your credit report with all three major credit bureaus.
  • Check your credit card statements or consider replacing any credit cards that you used at a Starwood hotel.

Contact Marriott. They are vigilantly working with any of their guest’s concerns and have insurance protecting themselves and their guests from a cyber-attack if needed.