After all of the news about the Marriott Security Breach, I decided to do a bit of investigation. What information was lost based on my own Marriott profile, and what should I do to secure my online accounts?

First off, when I arrive at the Marriott website, there is no indication that anything bad has happened.  The website looks normal, I cannot find any obvious link to a site about the Security Breach that lost 500 million accounts.  There is a news link, which is where the announcement was posted.  Here is a link to the official website created for this breach, it is not liked from the Marriott site, so I am linking it here.

I first thought, no big deal, another company has lost my information…  What does this mean for me and the other 499+ million users that this has happened to?

First off as I read into and learned what information was stolen, it became very concerning!  Names, mailing addresses, phone numbers, email addresses, passport numbers, DOB, gender.  

Why is this so alarming? Criminals can buy and sell this information on the “Dark Web”.  If they purchase your Social Security Number with the information included in the Marriott Breach they can do major damage to millions of people.

1. Any thief can use that information to commit credit fraud.  They can use the information to create credit cards for you, then use the credit card, and not pay it.  
2. They can call any of your financial institutions or your bank.  Here is what the conversation could sound like.  Hi, I am Lance Caven and I have forgotten my password.  oh, you need some more information to prove that it is me, here is my birth date, my passport number my address and phone number.  Ok, thanks for resetting my password.  
3. A scam that I have been a victim of  in the past is the following:  a criminal called a store where I had a store charge card.  The criminal changed my mailing address, then once they received my bill, they called back to the online store and ordered $10,000 dollars worth of Norelco Razors. They shipping the order to an abandoned warehouse located on the east coast.  When I called the store fraud hotline, the company was helpful (I didn’t owe any money), but the store didn’t care since they made a $10,000 dollar sale and insurance covered the losses to them for the credit card charges.
4. Thieves can log in to your bank account and change your password if they can guess your security questions.  At that point drain funds.  
5. Criminals can use the information to do Phishing scams against you or your contacts.  

What Now?  How do I protect myself?

Fraud Monitoring:  Marriott is offering customers a fraud monitoring service at no cost for one year. WebWatcher (Marriott’s selected tool) monitors websites where personal data is shared and alerts customers if their information is found. People can enroll in WebWatcher through Marriott’s dedicated website.

Assume you’re compromised – freeze your credit files with the major credit bureaus, and regularly ordering free copies of your credit file from annualcreditreport.com to make sure nobody stealing or messing with your credit.

My final recommendation:  Use unique passwords for each different website or software program you use.  If your password was compromised, and you had the same password for your banking, it would be easy  for a thief to take your money.   I use a password manager to help accomplish this feat.