905.505.2526 [email protected]

Today we wake up to the news that Marriot and its Starwoods group has had a data breach. Not just a breach but a HUMUNGOUS one. Right now the number sits at 500Million accounts, but as we know from experience, this number can very soon change.

The CEO, Arne Sorenson, has already come out with the anticpated apology statement and there is good committment from the orgnizaiton that they will do what they have to do to help ease the pain.

Marriott Announces Starwood Guest Reservation Database Security Incident

But where does it leave its guests? Well if you are like me, at some point since 2014, you have stayed at a Starwood hotel or one of its affiliates. Meaning, you could be a victim. Of course it is possible that you may not be either.

So how do you know? Starwood/Marriot have started notifying guests today via email if they are on their confirmed list. This means that the company will be trying to reach out to everyone that they can.

But this is not guaranteed. So if you are suspect, you should take action either way to ensure your informattion cannot be used against you.

Here are my actions items for anyone cuahgt in a data breach

  1. Passwords– Start by changing your passwords. Not just the password on the site in question of the breach, but on any site that uses the same username or password. What we learned with more recent “credential stuffing” attacks, is that passwords are often reused by consumers, and stolen credentials are then used to to access other sites. Changing passwords frequently and having unique passwords for every site is good hygeine and best practise.
  2. Security questions- If you have these on sites consider changing them. Even better consider using two factor authentication on sites that offer it to help validate who you are.
  3. Credit Cards- This one is tough as the time lines could cover current or expired cards. But best practise advises that you monitor your bank statements, looking for any anomolies. Also for future, try to segregate your personal card use, such as having one card specific to travel, one for oneline shopping and one for general use, as examples. This may save time and aggravation down the road.
  4. Phishing Email– While using your information directly is often the goal of hackers, another devious turn is to use your own information against you. There is often a rise in SPAM and phishing email using your own email address, information about you or other private information to convince you to click on malware or provide more personal data. Keep anti-virus up to date on your systems and learn how to spot phishing email or other mail threats.
  5. Contact the company involved- Lastly ensure that you reach out to the company involved. Marriot, like many have already setup a webpage (see below) with a vast amount if information and steps you can take. Depending on where you live, certain free tools are made available to help deal with your personal impact.




Security breaches are becoming commonplace now. It is up to all of us to take steps and become vigilant in spotting fraud from these breaches and acting quickly and propoerly to minimize the impact to ourselves.!