Breach of Marriott’s Starwood Guest Reservation Database Exposed Personal Information of Up to 500 Million People

On December 4, 2018, the FTC advised that Marriott International said that a breach of its Starwood guest reservation database exposed the personal information of up to 500 million people.

According to Marriott, the hackers accessed people’s names, addresses, phone numbers, e-mail addresses, passport numbers, dates of birth, gender, Starwood loyalty program account information, and reservation information. For some, they also stole payment card numbers and expiration dates. Marriott says the payment card numbers were encrypted, but it does not yet know if the hackers also stole the information needed to decrypt them.

Marriott Data Breach Began in 2014 – Individuals Who Made a Reservation at a Starwood Property On or Before September 18, 2018 Could Be Affected

The hotel chain, according to the FTC, says the breach began in 2014 and anyone who made a reservation at a Starwood property on or before September 10, 2018 could be affected. Starwood brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Le Méridien Hotels & Resorts, and other hotel and timeshare properties.

Marriott Sets Up Information Website and Call Center to Answer Questions of Affected Customers

Marriott set up an informational website,, and a call center, (877) 273-9481, to answer questions. It says affected customers also can sign up for a year of free services that will monitor websites that criminals use to share people’s personal information. Marriott says the service will alert customers if their information shows up on the websites, and will also include fraud loss reimbursement and other services.

FTC Recommends Individuals Take Advantage of Free Monitoring Service and Take Additional Steps

The FTC advises that if your information was exposed, take advantage of the free monitoring service, and consider taking these additional steps:

  • Check your credit reports for free from Equifax, Experian, and TransUnion by visiting Accounts or activity that you don’t recognize could signal identity theft. Visit to find out what to do.
  • Carefully Review your payment card statements. Look for credit or debit card charges you don’t recognize. If you find fraudulent charges, contact your credit card company or bank right away, report the fraud, and request a new payment card number.
  • Place a fraud alert on your credit files. A fraud alert warns creditors that you may be an identity theft victim and that they should verify that anyone seeking credit in your name really is you. A fraud alert is free and lasts a year.
  • Consider placing a free credit freeze on your credit reports. A credit freeze makes it harder for someone to open a new account in your name, but won’t stop a thief from making charges to your existing accounts.

Marriott, according to the FTC, says it will send some customers e-mail messages with a link to its informational website. Often, phishing scammers try to take advantage of situations like this. Phishing scammers pose as legitimate companies and send e-mails with links to fake websites to try to trick people into sharing their personal information. Marriott says its e-mail will neither have any attachments nor request any information. Consumer should be aware that the safest course of action, according to the FTC, is to access the informational website by typing in the address

To learn more about protecting yourself after a data breach, visit For more information about steps to take after a data breach, please see:


Kehoe Law Firm, P.C.