Hacked: What to do if you stayed at Marriott’s Starwood Hotel chain

Take Action to Protect Your Identity

December 4, 2018 By Mary Frost Brooklyn Daily Eagle

Hundreds of millions of guests learned over the weekend that their personal data, passport numbers and credit card information was stolen from Marriott’s Starwood database. Shown: The Sheraton Brooklyn New York Hotel at 228 Duffield St. is one of the Starwood properties affected by the data breech. Eagle Photo by Mary Frost

The city announced plans to convert hotels into temporary hospitals and quarters for healthcare workers during the pandemic. Pictured: The Sheraton hotel at 228 Duffield St. Photo: Mary Frost/Brooklyn Eagle

Share this:

If you have been a guest at any of Marriott’s Starwood properties over the last decade, including its brands of Westin and Sheraton hotels, you will probably want to take action now to protect your identity and credit card information.

Hundreds of millions of patrons learned over the weekend that their personal data, passport numbers and credit card information was stolen from Marriott’s Starwood database.

The unauthorized data breach went on undetected for at least four years, Marriott said in a release on Friday. The hacking started before Marriott took over the Starwood brands in 2016 and continued until it was detected in September. Security experts say this gave the hackers all the time in the world to create bank and credit accounts under hotel patrons’ name.

Starwood brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.

The data breech was so extensive — affecting approximately 500 million guests — and went on for so long the company is assuming that everyone who stayed at one of the properties was hacked.

“If you made a reservation on or before September 10, 2018 at a Starwood property, information you provided may have been involved,” the company said in a statement. This could include reservations made for a future stay.

Because patrons’ passport numbers were hacked, victims of this specific attack could be more vulnerable than victims of other massive breaches, U.S. Sen. Chuck Schumer said in a statement. Schumer wants the hotel chain to foot customers’ bill for a new U.S. passport, should they make the request.

“The experts will tell you, there is an art to identity theft and it lies in the ability to paint the most complete picture of the person whose information you’re looking to steal or sell,” Schumer said.

For approximately 327 million guests, the information stolen possibly includes name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates.

For the remaining victims, the information was likely limited to name, mailing address, email address or other information

What to Do If You’ve Been Hacked

Marriott has established a website (info.starwoodhotels.com) and call center to answer questions. The call center is open seven days a week and is available in multiple languages.

The company has already begun sending emails on a rolling basis to people whose email addresses are in the Starwood guest reservation database. Don’t respond to this email, however, as it may have been sent by a hacker with access to your information. Instead, visit https://answers.kroll.com/ for full information and contact numbers to call.

In addition, Marriott is providing guests the opportunity to enroll in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert to the consumer if evidence of the consumer’s personal information is found.

Guests from the United States who activate WebWatcher will also be provided fraud consultation services and reimbursement coverage for free. (To activate WebWatcher, go to info.starwoodhotels.com and click on your country, if listed, for enrollment.)

In the U.S., you can also request free credit reports from Equifax, Experian and TransUnion.

Starwood brands in Brooklyn include the Sheraton Brooklyn New York Hotel at 228 Duffield St. and Aloft New York Brooklyn at 216 Duffield St.

Not affected by the hack were New York Marriott at the Brooklyn Bridge at 333 Adams St. and Fairfield Inn & Suites New York Brooklyn, 181 3rd Ave.

Marriott says it reported the breech to law enforcement and has begun notifying regulatory authorities.

“We deeply regret this incident happened,” said Arne Sorenson, Marriott’s President and Chief Executive Officer. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”