What Consumers Worried About
the Marriott Hack Should Do|
December 3, 2018
Up to 500 million people
may have had their personal information compromised as part of
an online security breach, Marriott Hotel announced Friday. The
cyber attack occurred at Starwood hotels, which include The
Westin, W and Sheraton hotels.
Gary Davis, the chief consumer security evangelist at McAfee, a
cybersecurity company, spoke to Voice of America about what
people can do.
Who should be concerned?
If you stayed at any of their properties, I would assume that
they captured that information about you and that you could have
What should someone do?
Go in and change your passwords. One of the big challenges we
have with consumers is they tend to use the same password over
and over again and so if you use the password you use for this
account in other locations, then I would go in and change those
passwords as well. Because what the bad guys will do is that
this may not be a high-value password to them, but they know
maybe it's the same password you use with your bank or a
commerce site or things like that where would be higher value.
So that's the first thing I would do. Go in and change your
password. Super important.
What about bank accounts?
The second thing we would suggest they do is monitor your bank
accounts. This is something every consumer should do as a habit.
For example, literally every day I open, I have two or three
accounts where I keep my money, I go in and check to see if
there's anything that looks odd or suspicious in any of those
accounts. It's just good hygiene because if I'm the bad guy,
that's where I'm going to get the most upside.
The other thing I would do is if you're not using any type of
credit monitoring, I would use that. I know that they have
provided one as part of their service to help consumers out, use
that one, use others that are available, but use a credit
monitoring service to see if your data is coming up like on the
dark web as being sold on the dark web or otherwise being
compromised in the credit reporting systems.
Should I be concerned about my passport?
If they just got the passport number, which looks like the case
here, they can't do much with it. I mean the passport only gives
you the ability to travel. So without the actual physical
document — the passport that can be machine-read at the airport
— there's not a lot of value in that passport number. So again,
I would look for any suspicious activities if you're a frequent
flyer with an airline, see if somebody is trying to access those
accounts and maybe use it to fly, but a passport number by
itself is not that valuable.
Now, stuff like date of birth, address, social security number,
those are the things that you can establish credit with and can
be used to do fraudulent activities and things like that.
What do you do if you see something suspicious?
The first thing you'd do if you see suspicious activity either
on your bank accounts or with the credit bureaus like someone is
trying to get a credit card as you or something like that,
contact them first, call the credit authority. Call your bank.
Stop that immediately. Once you've done that, then yes, you go
to the law enforcement and, and make sure that it's documented
and they issue a police report.
would certainly encourage that they have active antivirus
running on their systems because in a lot of cases if they get
your email and your password, they will use that to send you a
phishing email for example. And then when you click on that,
that has a strong likelihood of you downloading malware to your
device and at that point they can do a lot more damage than just
what they got in this particularly breach.
... If you do those three things, good password hygiene and
management, checking your credit on a regular basis and make
sure nothing is going on there and making sure that your system
is got both the latest system patches and active antivirus
running on it, you should be as well protected as you could hope
to be in light of these types of incidents, regardless of if
it's this organization or any other.