On November 30, 2018, Marriott Hotels acknowledged it had failed to adequately protect valuable personal information of nearly 500 million customers. Marriott’s online notice acknowledges that Marriott lost control of “name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.” It further states that some “payment card numbers and payment card expiration dates” were also exposed.
Marriott appears to have made numerous inappropriate missteps in protecting its customers’ data. Notably, Marriott admits that there had been unauthorized access to its servers since 2014, and that this data had been decrypted and copied as recently as November 19, 2018. A four year failure to note unauthorized access is unacceptable.
The appropriate steps a concerned customer can take now would be to put a security freeze on your credit at this time by visiting, www.equifax.com, www.experian.com, and www.transunion.com, at a minimum.