Earn an extra 10% cash back (up to $100)*
theft hacking marriott data

Massive data leak at Marriott: 500 million customers affected

Marriott just announced that it is investigating a massive data leak related to Starwood’s reservation system. Details.

Data leak at Marriott

On November 19, 2018, Marriott discovered unauthorized access to one of its databases that contains reservation information prior to September 10, 2018.

And that access went back as far as… 2014 ! Marriott concludes that approximately 500 million customers, who have stayed at Starwood hotels, are impacted.

For approximately 327 million customers, the information stolen includes:

  • Name
  • address
  • email
  • phone
  • passport number
  • Marriott Bonvoy account number
  • date of birth
  • gender
  • dates of stay in the hotels

For other customers, credit card numbers and expiration dates… !

All the details in French are on this page.

Free one year subscription to WebWatcher / Kroll

As compensation for this leak, Marriott provides a free subscription to the WebWatcher / Kroll service.

This service monitors various sites to detect whether your personal information is being used:

  • Email address
  • Phone number
  • Credit cards

kroll monitoring

Personally, I’m not going to list my credit card / SIN / bank account numbers… just my email and phone addresses. After all, we are not immune to Kroll having information stolen too 🙂

To register, you must go to this web page.

What to do?

Data leaks are recurrent and are due in particular to systems that date from the 1990s to 2000 and are not prepared for computer attacks. Most large companies are familiar with it: recently CIBC, Equifax, Facebook have been in the news for the same reasons.

Unfortunately, there is not much you can do… unless you live cut off from the world and stop traveling! Caution is still required:

  • monitor your credit report regularly to prevent identity theft
    • With Equifax
    • With Transunion
  • try to fill in as little information as possible (ignore filling in any “optional” information) when registering for programs
  • carefully monitor your credit card statements – with Mint for example.

But once again: Equifax, Transunion, Mint… are not immune to data theft (as was the case with Equifax…).

In any case, if a fraudulent transaction is charged to your credit card, you are protected by “fraud protection”. It will be a hard time, but you will automatically get your money back.


Come to discuss that topic in our Facebook Group!
Jean-Maximilien is an expert in Canada and France about Loyalty programs, Credit cards and Travel. He is the Founding President of Milesopedia.

Suggested Reading