Remember back in November, Marriott confirmed that it has suffered a massive data breach that has compromised the information of around 500 million guests who made reservations at their Starwood properties? (Marriott has since lowered its estimate to 383 million guests.)
For approximately 327 million of these guests, the stolen information includes names, mailing addresses, phone numbers, email addresses, date of birth, password numbers and, in some cases, payment card numbers and expiration dates.
The troubling part about this breach? Marriott discovered during its investigation that unauthorized parties have been accessing the Starwood network since 2014. That’s more than four years!
Hotel chains affected by Starwood Marriott data breach
If you stayed or made reservations at these Marriott Starwood brands, you’re most likely affected by the data breach:
- Aloft Hotels
- Design Hotels
- Element Hotels
- Four Points by Sheraton
- Le Méridien Hotels & Resort
- Sheraton Hotels & Resorts
- St. Regis
- The Luxury Collection
- Tribute Portfolio
- W Hotels
- Westin Hotels & Resorts
By this time, you may have already received Marriott’s email notification indicating that your information is part of the breach.
If you haven’t and you suspect that your information was compromised, Marriott has finally released its own tool to check if your data was part of its massive data breach. But the question is — should you even use it?
Is Marriott’s data breach checking tool safe?
Marriott has partnered with security company OneTrust to enable customers to check individual passport numbers to check if they were included in the breach. You can access this tool via this webpage.
There’s a big catch, though. You’ll have to enter tons of your personal information on the web tool itself to submit the request.
Yep, Marriott is asking you to enter the same information that was stolen in the breach so they can verify if you’ve had your information stolen.
The tool requires your:
- First Name
- Last Name
- Email Address
- Starwood Preferred Guest (“SPG”) number
- Last 6 Characters of Passport ID
- Postal Code
Once you submit the required information, your results won’t even show up right away. The form states that “Marriott will respond to your request as soon as reasonably practicable and consistent with applicable law.”
Hmm, entering your sensitive information in yet another third-party online database that can be potentially hacked, too? This may not be your best course of action.
How to check if your information was breached with Starwood
Before you even think about using this tool, you should call Marriott’s dedicated call centers first. This information is listed on its Starwood Guest Reservation Database Security Incident FAQ page.
If you haven’t stayed or made reservations in any of the mentioned Marriott Starwood properties, there’s no need to check your information anyway.
However, if you have any questions or concerns about your information, it’s better to talk to a live agent first. Since this is an international incident, the call center numbers for each country are listed on the FAQ page, too. For U.S. customers, the hotline is 877-273-9481.
Additionally, if Marriott believes your information was impacted, you may have already received an email from the company.
This means you may be qualified for Marriott’s free offer to enroll in a service called WebWatcher for free, for one year. The site monitors and analyzes sites where your personal information could be used, and alerts you to any activity.
Next, you can check your credit report or sign up for a credit monitoring service that will notify you of any changes with your credit. To play it extremely safe, you might even consider freezing your credit altogether if you have no plans to open new credit card accounts or apply for loans anytime soon.
And for this breach or any previous incidents, you can also check out the site HaveIBeenPwned? to see if your email addresses have been compromised.