Advertiser Disclosure

Starwood Data Breach Affects 500 Million Customers

Nov. 30, 2018
Loyalty Programs, Travel
At NerdWallet, we adhere to strict standards of editorial integrity to help you make decisions with confidence. Many or all of the products featured here are from our partners. Here’s how we make money.

A Marriott investigation shows that its database of Starwood hotels has been illegally accessed, making vulnerable customer information for reservations booked as far back as 2014.

Roughly 500 million guests are potentially affected. Here’s what customers need to know to protect their personal information.

  • The breach only affects Starwood customers. Even though Marriott recently merged with Starwood, Marriott guests were unaffected by the breach. Starwood hotels include the following brands: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton, Starwood branded timeshares and Design Hotels.
  • Guests will be notified by email on a rolling basis beginning Nov. 30, 2018. But since so many are affected, you should contact Starwood immediately or go on the dedicated website if you think you might be affected to get information. Expect a longer wait time when you call.
  • A wide range of personal information was stolen. For 327 million of the potentially affected guests, the stolen information can include any number of the following:
    • Name
    • Mailing address
    • Phone number
    • Email address
    • Passport number
    • Starwood Preferred Guest account information
    • Date of birth
    • Gender
    • Arrival and departure information
    • Reservation date
    • Communication preferences.

Payment information was more decrypted than other information, and may or may not have been accessed. The remaining 183 million guests had two or fewer items of information stolen.

  • Get free WebWatcher Enrollment. Marriott is providing guests with free access to enroll in WebWatcher to monitor any suspicious activity online with their information for a year. The program crawls the internet and alerts you where your information is showing up. To enroll for free, you must go to the dedicated breach website.
  • Double check your credit on your own. This is a good reminder to check credit bureau reports and past bank statements frequently for fraudulent charges. You’re entitled to at least one free credit report from each credit bureau every 12 months via AnnualCreditReport.com. If you see new credit cards are opened or other information that indicates potential identity theft, contact your bank and credit bureaus to report it.

How to choose a travel rewards program

Loyalty programs can help maximize earning, but it’s important to consider what those points and miles are worth.

Planning a trip? Check out these articles for more inspiration and advice:
5 things you should know about the Marriot-SPG merger
NerdWallet’s identity theft and cybersecurity guide
7 things every credit card user needs to know about fraud

About the author