Marriott data breach: 500 million guests' information exposed

CHICAGO (WLS) -- If you've been one of the 500 million guests at Marriott Starwood, your sensitive information may have been stolen, and it's much more than your credit card which can be targeted.

The first thing you should do: don't panic. Start by monitoring your credit card and bank information, and set up text alerts.

Marriot said it recently discovered that hackers began attacks in 2014. It's one of the largest breaches in history.

Marriott International is one of the world's largest hotel chains. Friday, it announced that its reservation database, called Starwood, was hacked. Half a billion customers may have had their personal information stolen, including names, email addresses, passport data and payment information. They said Starwood's system was breached in 2014, two years before Marriot acquired Starwood.

"They picked up these encrypted communications going outbound and when they did a little more digging they determined someone was syphoning information out of the Starwood database," said William Caput, ethical hacker.

Caput said hackers may want hotel stay information and travel itineraries

"It's not necessarily the credit card, because if it was, after four years the credit card companies would have identified the breach because they would have been finding the common denominator," he explained. "What this appears to be is they are data-mining individuals, they are finding people that travel internationally, you know, state departments, government officials, and they are able to find out hotels they are staying at, where they are staying when they are traveling."

An encryption system should protect customers' payment information, but Marriott said it has "not been able to rule out" the possibility that credit card information had also been stolen. The company set up a website and a call center to answer customer's questions.

"First and foremost, change your password. A lot of the other info you can't change. But your date of birth and address, that's something they are going to have, so you could be targeted with direct mail," Caput said.

If changing passwords, checking credit reports and setting up banking text alerts isn't enough for you, then take the next steps.

You can contact all of your creditors and lenders and give them a warning, or you could initiate a free credit freeze but credit freezes may take time to reverse if you need to open a line of credit. There are also services where you can pay a small monthly fee, to monitor your identity.

Marriott said it reported the breach to law enforcement.

New York's Attorney General said her office opened an investigation. Marriott is offering guests one free year of "Web Watcher," which sends alerts if personal information is being shared on questionable websites.

Click here for more tip from the BBB on what to do on in the wake of a data breach.
Copyright © 2021 WLS-TV. All Rights Reserved.