Marriott data breach hits 500 million guests. Here’s what to do if you’re one of them.

It's likely one of the biggest data breaches in corporate history.

  • The breach dates back to 2014 and potentially affected 500 million customers.
  • Millions of guests potentially had credit card information stolen.
  • It's likely the second largest data breach in corporate history.

Have you recently stayed at a Starwood hotel such as a Westin or a St. Regis? If so, you should probably change your Starwood passwords and check your credit card accounts because Marriott International announced Friday that its Starwood guest reservation system has suffered a data breach that potentially exposed the data of about 500 million guests.

It's likely one of the biggest data breaches in corporate history.

Marriott, which owns Starwood hotels, said it received a security alert in September signaling that a data breach had occurred within its systems in 2014. After conducting an investigation, the company said that an "unauthorized party had copied and encrypted information" from its Starwood database.

For about 327 million guests, the exposed information includes a combination of a name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, birthdate, gender, arrival and departure information, reservation date and communication preferences. Millions of other guests potentially had their credit card numbers and expiration dates stolen, though this information would have been encrypted in some form.

"We fell short of what our guests deserve and what we expect of ourselves," CEO Arne Sorenson said in a statement. "We are doing everything we can to support our guests, and using lessons learned to be better moving forward."

Starwood hotel brands include Westin, Sheraton, The Luxury Collection, Four Points by Sheraton, W Hotels, St. Regis, Le Méridien, Aloft, Tribute Portfolio and Design Hotels. Marriott has set up a website to address questions potentially affected customers might have.

The attorneys general of Maryland and New York said they plan to open investigations into the breach. Shares of Marriott stock were down about 7 percent on Friday afternoon.

​What you can do to protect your data

If you've stayed at a Starwood hotel in the past few years, it's definitely a good idea to change any passwords you have tied to a Marriott or Starwood account, and also to verify that there's been no strange activity on the card you used to pay for your trip.

As far as what you can do to protect yourself against future data breaches, NBC News' Jeff Rossen, an investigative reporter, advises people to sign up for two-step authentication on services that use credit cards, and to set up fraud alerts with your bank or any business that has your private information.

The biggest data breaches in history

The Marriott breach is likely the second largest corporate data breach ever, second only to a 2013 breach that affected roughly 3 billion accounts tied to Yahoo and its brands. Hackers have various motivations for stealing big caches of data, but chief among them is the intent to steal identities by stitching together a target's personal information: social security number, credit card numbers, birthdate, etc.

A chart from Trend Micro shows the biggest data breaches to date, excluding the attack announced today.

Want to help fight climate change? Try going 'flexitarian.'

Whether or not there are tropical islands in 50 years might depend on whether or not we can eat fewer hamburgers.

Surprising Science
  • Results from recent research suggest we have roughly 12 years to keep global warming to 1.5 degrees Celsius. If we can't, then the amount of greenhouse gases released to the atmosphere will have compounding feedback loops that progressively warm the planet up further.
  • One of the biggest culprits in warming the planet is the production of beef and sheep meat.
  • Anybody could help prevent climate change by consuming less beef and sheep, or by cutting them out entirely.
Keep reading Show less

Iceland is officially worshiping Norse Gods again

For the first time since the Vikings sailed, the Icelandic public will soon be able to worship classical Norse gods like Odin, Thor, and Frigg at a public temple built in their honor.


For the first time since the Vikings sailed, the Icelandic public are worshiping classical Norse gods like Odin, Thor, and Frigg at a public temple built in their honor. "The worship of Odin, Thor, Freya and the other gods of the old Norse pantheon became an officially recognized religion exactly 973 years after Iceland’s official conversion to Christianity."

Keep reading Show less

Heart wrenching letter confronts tech companies' accidental cruelty

"Didn't you see me Googling 'baby not moving?'" Gillian Brockell wrote a heartbreaking open letter to big tech companies imploring them to change the ways they target ads to users.

Gillian Brockell's letter posted on Twitter (Twitter)
Politics & Current Affairs
  • Advertisers are increasingly using hyper-specific information on users, collected by big tech companies, to sell products.
  • An open letter published Tuesday outlines how this kind of ad targeting can be not only creepy, but also inadvertently cruel and distressing.
  • Also on Tuesday, the House questioned Google's CEO, partly on issues related to data privacy.
Keep reading Show less