*Editorial Note: This content is not provided or commissioned by the credit card issuer. Any opinions, analyses, reviews or recommendations expressed in this article are those of the author’s alone, and may not have been reviewed, approved or otherwise endorsed by the credit card issuer. This site may be compensated through a credit card issuer partnership.
This article was last updated Dec 05, 2018, but some terms and conditions may have changed or are no longer available. For the most accurate and up to date information please consult the terms and conditions found on the issuer website.
News of yet another data breach may have you rolling your eyes as they’ve become so commonplace. However, the recent hacking of some 500 million guests of Marriott’s Starwood hotel reservation system is a big deal that should shake Americans out of their data breach fatigue and motivate them to take action.
Here’s why you should be concerned:
- 327 million people who stayed at hotels including Sheraton, W, Aloft, Westin and St. Regis, dating back to 2014, had a somewhat unique combination of personal identifying details stolen.
- Not only were credit card numbers, addresses, names, dates of birth, email addresses, Starwood rewards information, reservation information and phone numbers accessed, but also passport numbers.
- With all that highly confidential information, thieves can not only open new accounts in your name, but also gain access to accounts that already exist.
So while you know you’re protected against fraudulent charges on your credit card, you’re not protected against someone who could potentially impersonate you using all the personal data gained from this theft.
CompareCards.com Chief Industry Analyst Matt Schulz concedes that data breaches have become white noise to a lot of Americans. “They don’t shock us like they used to because millions of Americans assume, rightly so, that all of our information is already out there.”
However, most of the previous high-profile breaches, such as the ones that occurred at Target, Home Depot, and others, didn’t include passport numbers. What had not been widely reported about the 2017 Equifax breach was that 3,200 passport images had been hijacked when consumers submitted them when disputing inaccurate credit report errors. So, while the Marriott hack isn’t the first to expose passport information, it does appear to include more of them.
What you should do now
It’s not time to stand by the sidelines, as many chose to do after the Equifax breach. According to a CompareCards.com survey, conducted after the Equifax breach, 78% of consumers have never put a freeze on their credit files and just 47% said they just weren’t concerned about identity theft.
The good news is that as of Sept. 21, 2018, credit freezes are now free, and very easy to implement. You can also freeze credit files for your children under 16, according to the Federal Trade Commission, as well as for anyone for whom you serve as a conservator, guardian or valid power of attorney.
Once a credit freeze is in place, fraudsters cannot open new lines of credit in your name. It also locks your credit files from being viewed by potential lenders, but the new freeze process allows you to easily unlock your credit files if you are actively seeking credit, allowing a lender temporary access until you refreeze your files. Know that a freeze won’t stop people from using current accounts fraudulently, which is why you need to closely monitor bank and credit card statements.
How to freeze your credit
You’ll be asked to create an account, answer a few security questions, request a freeze, and you’re done. You just need to remember your login information to unfreeze your TransUnion and Equifax files when necessary. With Experian, you’ll be asked to create a PIN, which is required to unfreeze your account. When freezing your credit with Equifax and TransUnion, you’ll also be supplied with a PIN, which you’ll need to keep on file if you need to unlock your files by phone.
By law, your files must be frozen within one business day after implementing the freeze by phone or online, and unfrozen within an hour after lifting the freeze.
The only possible hurdle after the three credit bureaus made it so easy to freeze your credit reports is remembering to refreeze them after you’ve removed the security freeze. However, if you don’t want to worry about remembering to refreeze your credit reports, you can choose to temporarily lift a freeze. This way your credit report will be lifted for a set amount of time and then the freeze will automatically be reinstated.
Change your passwords
If you are a Marriott or Starwood loyalty program member, log on to your accounts and change your password.
“Since this hack also includes Starwood Preferred Guest information, it’s important to check to make sure that account hasn’t been compromised. Hackers want access to your credit card information, but your hotel loyalty points are valuable as well and can definitely be targeted by bad guys,” said Schulz.
Other passwords you should change include:
- Credit card accounts
- Social media accounts
- Airline, hotel and rental car loyalty accounts
“If you are still someone who hasn’t built identity theft checks into your routine, this is yet another wake-up call for you. Start today by taking the time to check your online financial statements for unusual activity and to review your credit report from the three bureaus to make sure everything on it is accurate. Yes, you’re busy, but if you have time to check social media five times a day, you have time to make sure your identity is safe. Make it a priority,” says Schulz.