A week ago, Marriott International published a press release informing the public that the company had been the latest victim of a data breach that saw the information of up 5.2 million customers stolen. Well, if you are familiar with this, then it is true.

Marriott has experienced three serious data hacks in the last 18 months, exposing customer and employee information to the public and criminals alike. So, let us find out exactly what happened and if we could learn something from this bizarre event.

The hackers accessed more information of more than 1500 company employees, accessing details like Social Security numbers, names, and addresses through a former partner who managed official documents such as subpoenas and court orders.

What Happened?

In a statement, the company said that information including names, emails, birth dates, addresses, loyalty reward program numbers and phone numbers of guests for the hotel and affiliates could be stolen. The company further said that they believe sensitive data such as passport details, passwords, and driver’s license numbers were compromised.

This event comes at a time when Marriott and the hotel industry at large are facing immense economic downtown.  The company has laid off thousands of workers all due to the coronavirus pandemic.

What transpired during the attack has not yet been established, but it is said that data was breached via login details of two employees of a hotel in Russia, as reported by Brendan McManus via an email. The company did not disclose whether the employees are suspects or if the accounts were indeed hacked. However, he concluded that investigations were continuing and that it is too early to deduce anything yet.

The company, in its statement, said that it realized an unusual amount of guest data being accessed via an inhouse application designed for monitoring customers’ birthday celebrations, check-in dates, and towel preferences. Even though the company agrees to have realized this in February, the actual event started in January.

The hackers accessed more information of more than 1500 company employees, accessing details like Social Security numbers, names, and addresses through a former partner who managed official documents such as subpoenas and court orders.

Before this attack, the company had earlier unveiled another major attack of the reservation database for the Starwood properties, gaining access to over 300 million guests’ data, including sensitive data such as payment cards, passport numbers, and travel information. Marriott has been taken to court over this breach, which is said to be the largest in history.

The governments in the US and Europe revealed new regulations in the recent past to create guardrails to protect against privacy violations. In fact, the UK Information Commissioner’s officer suggests Marriott be charged $124 million in response to Starwood hack. However, Marriott said it will contest this fine.

What if you were a victim of this breach?

Marriot shares an email to all the customers that were affected by the email address [email protected] on the 31^st of March 2020 to explain the incident. The company has also created a self-service portal that lets guests check if their details were breached and exposed. All the victims will have to adjust their password and set up 2-step verification when signing into the Marriott Bonvoy application.

What Should You Do If You Are Affected by a Data Breach?

Marriott has shared some important steps that its guests should follow instead of an attack:

• Customers should monitor their Marriott Bonvoy account for any suspicious activities, more so those that they have not authorized. If they notice any abnormality, they should notify the company immediately.
• Do not share any details, especially financial or payment information, passwords, or account info to any person who contacts you or contacts you on behalf of Marriott International. According to Marriott, they will never email or call customers asking to provide this type of information via email or phone.
• Consider using unique passwords or password managers. Always monitor your emails and look out for phishing emails that claim to come from Marriott’s email addresses. It would also be best if you registered for an identity theft protection service such as IdentiSafe.

What You Can Do to Protect Yourself from ID Theft

With the help of social engineering and targeted phishing attacks, info extracted in this data breach is more likely to be turned into full-blown fraud or ID theft. After a data breach, the best approach to protecting your ID is by registering for an ID protection service. To be particular, you will want to subscribe to a service that spots the most powerful Dark Web Monitoring Tool so that in case your info is stolen and put on sale in the darknet market place, you can easily be notified and proper action is taken.

With all the packages, IdentiSafe, offers dark web monitoring, credit monitoring, and 24-hour access to our team of ID recovery specialists. When your data has been breached, there is only little you can do. So, the best thing to do is to take the necessary measures to deter ID theft and reduce the damages that may be caused by data breaches.

Signing up for an account on IdentiSafe will take less than five minutes of your time. If you truly want to protect yourself and your identity, consider signing up today.