, ,

500 million Starwood guests at risk following the Marriott data breach

Customers of Starwood Hotels & Resorts are at risk of identity and financial fraud following a massive data breach. Starwood’s hotel brands include W Hotels, Sheraton, Le Méridien and Four Points by Sheraton.

See the whole list of hotel and timeshare brands hit by the data breach here.

Marriott International purchased Starwood Hotel & Resorts for $13.6 billion in 2016, creating the largest hotel chain in the world. Marriott-branded hotels use a different reservation system and this has not been affected by the data breach.

What happened in the Starwood data breach?

The hotel chain has admitted that an unauthorised party had compromised its guest reservation database.

Worse, it appears that the hackers have had access to the network since 2014 and that they have accessed, copied and removed the private data of around 500 million customers. This information includes a combination of

  • names
  • addresses
  • phone numbers
  • email addresses
  • passport numbers
  • account information
  • dates of birth
  • gender
  • arrival and departure information
  • credit card/bank card details.

While the hotel chain used an encrypted credit card system, it has admitted that the hackers could have stolen the encryption keys needed to decrypt this financial data.

What should you do if you are affected?

The Marriott group has said that it will contact all affected customers whose email addresses were in the Starwood reservation database. If you have been a customer of any of the affected hotels or timeshare properties between 2014 and 10 September 2018 and you haven’t received an email make sure that you check your junk mail folder.

There is also a free helpline. For UK customers the number is 0808 189 1065.

The Information Commissioner’s Office (ICO) is also looking into this matter. The ICO is the independent authority charged with upholding data protection rights in the UK. In a statement it has said: “We have received a data breach report from Marriott involving its Starwood Hotels and will be making enquiries. If anyone has concerns about how their data has been handled they can report these concerns to us.”

Will Starwood offer compensation?

To date, no monetary reparation has been offered. However, this is one of the most serious data breaches of its kind. The theft of personal and financial information could lead to identity and financial fraud which has the potential to cause huge harm. So, if you are a Starwood Hotels & Resorts customer and you have suffered financial loss or distress because of the data breach you could be entitled to compensation.

Two US-based law firms have already filed class action lawsuits against Marriott International, and at Hayes Connor Solicitors we are now considering launching a group action to compensate UK victims of the Marriott data breach.

What are we seeing?

The Starwood Hotels & Resorts is a huge data breach. Not only because it affects millions of people, but also because the hackers have had access to this information since 2014.

Although the Marriott is headquartered in the US, it still has to comply with the EU’s rules when dealing with citizens here. And, at Hayes Connor we have already received an influx of queries from people across the UK who are worried that they have been put at risk.

The good news is that the data regulator is investigating the case and Marriott International could be hit be a huge fine under the GDPR (the latest data protection regulations). However, this is of little help to consumers.

What should you do now?

Marriott is still working with cybersecurity experts to determine the scope of the breach. However, it is vital that you do everything you can to protect yourself. This includes:

  • Contacting your bank/credit card provider immediately if you are worried that your financial details have been exposed
  • Beware of fraudsters who attempt to gather personal information (phishing)
  • Report any suspected phishing attempts to the police and relevant authorities
  • Look out for any bills or emails showing goods or services you haven’t ordered, or any unfamiliar transactions on your account and alert your bank or card provider immediately if there is any suspicious activity
  • Keep an eye on your credit score for any unexpected dips. Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name
  • Beware of any unsolicited communications that refer you to a web page asking for personal data
  • Register with a suitable fraud prevention service
  • Change your passwords on all your accounts
  • If compensation is offered, do not be not fobbed off by a low amount. The effects of a data breach can be severe and long-lasting, so it’s vital that you get the justice you deserve.

Committed to helping victims of data breaches and cybercrime we can take on your claim on a no-win, no-fee basis. Our initial assessment is always free. We’ll ensure that you are fully informed on this matter and will notify you about the investigation and your legal rights when making a claim.

If you have received an email from Marriott letting you know that your details have been put at risk, get in touch. We’ll let you know if and when you can claim. You can also read our step by step guide to making a data breach claim here.