Starwood Guests Urged to Watch for Fraud Following Data Breach

Starwood Data Breach

What happened? 

Starwood Hotels & Resorts disclosed a data breach involving customer payment cards at 54 of their North American properties. They became aware of the leak after discovering malware on a number of their onsite retailers (cafes, gift shops, and restaurants within their hotels).

Malware is a form of software that hackers use to obtain unauthorized access to a network. Once in, hackers can discretely collect sensitive data — such as payment card information that can be used to make fraudulent online purchases or create counterfeit credit cards.

The malware in this incident exposed customers’ names, payment card numbers, expiration dates and security codes. Starwood has no evidence that other personal information was compromised.

The attacks occurred between November 2014 and October 2015; however, dates vary greatly from hotel to hotel. On average, malware was present for 71 days at each location. Starwood has published a complete list of impacted locations, with many occurring at high-end Sheraton and Westin properties.

The announcement comes just days after Marriott International acquired Starwood. It is unclear if this is what prompted the company to publicly disclose the compromise, seeing as the majority of the malware was removed in April 2014.

Starwood is currently working with law enforcement officials and has hired a third-party forensic team to investigate the incident. They have concluded their systems are currently free of malware.

Guest reservation systems and hotel loyalty programs were not impacted by this attack.

What should you do?

  1. Review impacted locations
    Due to Starwood’s extensive portfolio of hotel brands, it’s vital that frequent travelers review the list of impacted locations. If you made a purchase at an on-site retailer during the window of exposure, please take the necessary precautions to safeguard your financial accounts.
  1. Check bank statements
    Regularly review bank statements for signs of fraud. Contact your financial institution immediately if you believe your information has been compromised. Remember, you will not be liable for fraudulent charges as long as fraudulent transactions are reported quickly.
  1. Enroll in identity protection services
    Starwood is providing potentially impacted guests with one year of free identity protection and credit monitoring services. Concerned customers should contact 1-877-322-8228 to take advantage of this offer.

Fighting Identity Crimes will keep you updated as new information becomes available about the Starwood data breach. Be sure to subscribe to our blog to stay up-to-date with the latest identity theft and fraud news.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.