News & Knowledge

7 Things You Can Do Now in Light of the Starwood/Marriott Breach

7 Things You Can Do Now in Light of the Starwood/Marriott Breach
by Sean Sonnenberg

November 30, 2018

By: Drew Sorrell

Today Marriott International announced a massive data breach of its Starwood database. Hackers took off with names, mailing addresses, phone numbers, email addresses, passport numbers, affinity account information, dates of birth, gender, arrival and departure information, reservation dates and communications preferences or some combination of this personal information. According to Marriott officials, the stolen information was accessed from the Starwood database as early as 2014 and effects information in the company’s possession prior to September 10th of this year.

Here are 7 ways to protect yourself:

1. Communicate with business associates. Are you traveling? The hackers now know this, and the details. Remind your business associates how a smart hacker can exploit and spoof your email to look like it’s coming from you, and to always double check with you personally before acting on that odd request to wire money or employee information to “you” while you are traveling.

2. Change your passwords. If you recycle passwords as many of us do (but shouldn’t), at a minimum change the password for every account that uses the same email address. Consider changing your passwords on a routine basis using a trigger that is easy to remember, such as daylight savings time.

3. Change your Starwood password. Obvious.

4. Sign up for credit monitoring. Credit monitoring is increasingly cheap and in some cases free. Why not have it in place so that if a new account is opened, a new credit check hits or the like, you get an instant message or email when it happens so you can react!

5. Get a password manager. One of the problems with passwords is having to remember them. With a password manager, you create a single master password (we suggest using a pass phrase that is memorable, long, and includes a number and special character), and then file your other passwords into the encrypted password manager. You won’t have to remember any passwords but the one that gets you into your password manager. Easier and safer!

6. Download the App for your credit cards and banks. Frequently, these apps will permit you to turn on messaging to alert you of transactions. Thus, if you are sitting in a meeting and get a text that “you” just bought something, you may react immediately. Many also offer two-factor authentication, where you receive a special code via text after logging in – highlight recommended if available.

Finally,

7. Consider your Email Choice. If you are using your work email, as many of us do, for travel or other accounts, when they are breached, this email address is a trail back to you at the office. We suggest using a different email address that is generic and sanitized for such things.

Hackers are smart. Try to be smarter with extra thought and security applied to all your online activity.

If you have any questions regarding data breaches, contact Drew Sorrell or any member from our Privacy, Cybersecurity & E-Discovery Group.

Related Professional