Home News Attorney General Dewine Warns of Security Breach at Marriott Exposed 500 Million...

Attorney General Dewine Warns of Security Breach at Marriott Exposed 500 Million People’s Info


COLUMBUS, Ohio)—Ohio Attorney General Mike DeWine today offered tips for consumers following Marriott’s recent announcement of a data breach affecting as many as 500 million guests who made a reservation at a Starwood brand hotel, which includes Sheraton Hotels & Resorts and Westin Hotels & Resorts, among others.

Marriott has reported it believes hackers gained unauthorized access to the Starwood guest reservation database in 2014 and that people who made a reservation on or before Sept. 10, 2018, at a Starwood property may have been affected.

The company has reported that for approximately 327 million guests, the information breached included some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preference. It also said some payment card numbers and expiration dates may have been affected.

“Any time there is a breach that has gone undetected for this long and affected this many people, it’s very concerning,” Attorney General DeWine said. “We’re hoping Marriott will step up to help those affected. We’re also encouraging individuals to take steps to protect themselves.”

Tips for consumers include:

  • Monitor your accounts. Look for suspicious activity. If you find errors, immediately notify your bank or credit card provider.
  • Beware of scams related to the breach. Con artists may pretend to have information about the breach or they may falsely claim to want to help you. Some calls or messages may be scams designed to steal your money or personal information. Don’t give out personal information to those who contact you unexpectedly (even if they say they want to help you) and be wary about clicking on links or downloading attachments in messages.
  • Check your credit report. Monitoring your credit report can help you identify signs of potential identity theft. You are entitled to one free credit report per year from each of the three major credit reporting agencies. Visit www.AnnualCreditReport.comto access those reports. You can pull all three at once, or you can stagger pulling your reports throughout the year.
  • Place an initial fraud alert on your credit report. Contact one of the three major credit reporting agencies — Experian, Equifax, or TransUnion — to place an initial fraud alert, which will stay on your credit report for one year. The alert is free of charge and will make it more difficult for someone to open credit in your name.
  • Consider placing a security freeze on your credit report. A security freeze (or credit freeze) essentially puts a lock on your credit so that most third parties can’t access your report. This helps protect you from unauthorized accounts being opened in your name. Security freezes are permanent until you lift them, and they are now free to place or to remove. Contact each credit reporting agency separately to place a freeze.

Consumers should keep in mind that even if their information is compromised in a data breach, it doesn’t necessarily mean it will be used by an identity thief to open accounts or commit other fraud. However, consumers should watch for warning signs that their information may have been used fraudulently.

Signs of possible identity theft may include:

  • Unexpected mail about accounts you did not open.
  • Unexpected collection calls or letters.
  • Another person’s name showing up in your background check or credit report.
  • Credit reporting errors or a lower-than-expected credit score.

Consumers who want help correcting the effects of identity theft should contact the Ohio Attorney General’s Office at 800-282-0515 or www.OhioProtects.org. Attorney General DeWine created an Identity Theft Unit in 2012 to help victims repair the damage caused by identity theft, such as by clearing fraudulent debt in a victim’s name. The unit has eliminated over $2 million in fraudulent charges since its creation.