On November 30th, Marriott International announced that the Starwood reservation system had been breached and the personal information of up to 500 million guests had been stolen. Starwood brands include Westin Hotels and Resorts, W Hotels, Sheraton Hotels and Resorts, St. Regis, Aloft Hotels, Four Points by Sheraton, Le Méridien Hotels and Resorts, Tribute Portfolio, Design Hotels, Element Hotels, The Luxury Collection and Starwood branded timeshare properties. Marriott hotels, including Residence Inn and the Ritz-Carlton have a separate reservation system that wasn't affected.

The stolen information for the approximately 500 million guests includes name and contact information.

The stolen information for the approximately 500 million guests includes name and contact information. A subset of approximately 327 million guests had some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. In addition, for some guests, payment card numbers and expiration dates were stolen. Even though credit card information was encrypted, Marriott indicated that it cannot rule out that the keys needed to decrypt the data may also have been stolen.

Marriott has begun sending emails to affected guests whose email addresses they have. Marriott is also providing one year of free enrollment in WebWatcher, which will notify the enrollee if their personal information is found on internet sites that WebWatcher monitors.

Steps You Can Take

If you are affected, here are steps you can take.

  • Consider enrolling in WebWatcher. If you enroll and are from the U.S. you will be provided fraud consultation services and reimbursement coverage for free.

  • Monitor your financial accounts for any fraudulent activity.

  • Consider placing a freeze on your accounts at the credit bureaus to make it harder for someone to open accounts in your name.

  • Watch out for spear phishing scams. These type of phishing scams use the types of information taken in the breach to scam you. For example, scammers could claim to be associated with Marriott or Starwood.

Even if you aren't affected, there are steps you can take to reduce your risk.

  • Where possible, provide as little personal information as you can.

  • Before signing up for rewards or similar programs consider what you will receive for the information you provide.

  • Be careful what you share on social media and who you share it with. Use privacy settings to help you control who sees what you post.