- REUTERS/David Mdzinarishvili
- About 500 million people have had their data hacked after staying at Marriott brands, including W, Sheraton, and Westin, the company said on Friday.
- A breach in the Starwood guest-authorization database means that millions of people had a combination of their names, addresses, passport numbers, dates of birth, and other information stolen, the company said. An unspecified number of people also had their credit-card information taken, though it was encrypted.
- Data breaches are becoming our new normal, so it’s more important than ever to stay on top of your money with secure passwords and consistent monitoring.
- One solution, according to many experts, is freezing your credit, but that won’t protect against the most common type of identity theft.
About 500 million people have had their data hacked after staying at Marriott brands, including W, Sheraton, and Westin, the company said on Friday.
For about 367 million of those affected, Marriott said, the information taken includes some combination of their names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, genders, and other information from their Starwood accounts, Business Insider’s Sinéad Baker reported. An unspecified number of people had their credit-card information taken.
Marriott said the unauthorized access had been going on since 2014 and the breach affected customers who made bookings on or before September 10.
In 2017, Equifax, one of the three credit reporting agencies in the US, was compromised, potentially exposing the Social Security numbers, credit card numbers, and other personal information of nearly 150 million Americans. The breach upset many people, in part because Equifax’s chief financial officer and two other senior executives dumped almost $2 million of Equifax stock once they learned about the hack.
Unfortunately, data breaches are nothing new, and they aren’t going away. In fact, between January 2017 and April 2018, at least 16 separate security breaches occurred at US retailers, Business Insider’s Mary Hanbury and Dennis Green reported.
Keeping our money online is convenient and easy, except in instances like this. But you still shouldn’t freak out.
As Business Insider’s resident financial planner Lauren Lyons Cole said in an article on the Equifax breach, “Even when we take all kinds of steps to protect ourselves online, our best-laid plans can still result in financial foibles – whether as a result of our own error or a giant financial company’s.”
“The only thing we can do is try to protect our data as best we can, and respond quickly if something does happen,” she continued. “You’ll be okay, I promise.”
Here are Lyons-Cole’s tips for protecting your data online.
1. Find out if you’ve even been compromised.
The AP reported that Marriott will send email notifications to those affected starting Friday.
2. Use secure passwords on all of your accounts, including your online shopping accounts.
This is like eating your vegetables: You know you should do it, but it’s not fun and you’d rather not. I get it. But any data security expert will tell you secure passwords are a necessity. Every site you use should have a different password, and it shouldn’t be easy to guess.
Keeping track of a random string of 15 letters and numbers is basically impossible, so I use LastPass to generate and save all my online passwords. Hopefully, they don’t get hacked, but at least it’s better than storing all my login info on the notepad app on my iPhone.
3. Understand how to freeze your credit, but don’t do it quite yet.
Freezing your credit protects against new accounts being opened in your name – one of the rarest types of identity theft out there, affecting only 4% of victims, according to the most recent Bureau of Justice Statistics (BJS) data.
The vast majority of identity theft victims – 86% in 2014 – have problems with an account, such as a credit card or bank account, according to BJS data. Freezing your credit won’t prevent that type of crime.
Setting up a fraud alert only requires calling one of the credit agencies, but you’re going to have make copies of and mail in many important documents to put it in place.
Freezing your credit means dealing with customer service agents at all three credit bureaus – Equifax, TransUnion and Experian – and keeping track of a unique pin number that you’re going to need anytime you want to open a new account or move to a new apartment. Make sure you fully understand how it works (the Federal Trade Commission has a nice breakdown) before you start the process.
One caveat: If your identity has actually been compromised – as in, someone tried to open a fraudulent account in your name – then this is an important step to take.
4. Monitor your money regularly – even if you haven’t been compromised.
I use Mint.com to quickly check all of my financial accounts every morning, just like I check my email and Instagram. This came in handy both times my credit card was stolen. I was able to identify the pending charges before they even cleared my account, and American Express me a new card overnight. It was a little annoying, but not that big of a deal. I know people who have experienced far more serious identity theft and managed to resolve the issue by identifying it and acting quickly.
If you have been compromised, this becomes even more essential. You can monitor your credit for free with a service like Credit Karma by selecting to be notified when a new account is opened under “Communications and Monitoring” in the profile settings.
For those affected by the Marriott breach, the company said it will pay for guests to sign up for a yearlong membership for WebWatcher software, which monitors where your personal information is shared online.
5. Optimize your money management and credit usage.
A breach like this is a good reminder to check your credit score, pull your credit report, and review the way you’re currently managing your money. There may be things you can do to improve your credit score, fix any errors on your credit report, and optimize your collection of credit cards.
Considering data breaches are more or less our new normal, the only thing we can really do is the one thing we should be doing anyway: staying on top of our money and fixing any issues as soon as we can. No one is going to be more interested in your financial situation than you are. Not even a hacker.
6. File your taxes early.
The IRS is cracking down on tax fraud, but there could be an uptick after a data breach of this size. Get your tax information organized early and submit your return as soon as you receive your W-2 and 1099 forms. Added benefit: If you’re due a refund, you’ll get it sooner, and if you owe taxes, the amount isn’t due until April 15 regardless of when you submit your return.