The Marriott Data Breach: How to Protect Yourself

Hotel giant Marriott (NASDAQ:MAR) recently announced a data breach that compromised the personal information of roughly a half-billion customers. While there’s no reason to panic, there are some smart steps you can take to make sure your identity stays safe.

In this Industry Focus: Financials clip, host Jason Moser and contributor Matt Frankel, CFP, discuss what consumers need to know.

A full transcript follows the video.

Jason Moser: This was a massive, massive data breach on Marriott’s part. It seems like it goes all the way back to 2014, which predates Marriott’s megadeal with Starwood. It also sounded like the breach, perhaps, started on the Starwood side of the business.

Let’s dig into this a little bit. While Marriott isn’t necessarily a company that we’re going to cover here in the financials universe, this is one of those things that happens, and as investors, as consumers, we have to be used to this fact now that data breaches are a matter of if, not when. The more people that use technology, the bigger these data breaches are going to be. I always approach these data breaches as a matter of when, not if. There are things we as consumers can do to help out our cause here.

You used to work for Starwood for a time, didn’t you, Matt?

Matt Frankel: Yes. Not in any department that would be related to this incident.

Moser: Ah, OK. We’re not pointing any fingers, then.

Frankel: [laughs] No. I used to work for Starwood, not in any capacity related to this. There are some key takeaways from this, just like there was about the Equifax breach last year, that we did a whole episode on on this show. The key things to know: first of all, what was taken. They said their whole database was breached. I don’t know about you, but I really don’t care if anybody sees my historical hotel reservations.

Moser: Nope, I don’t either.

Frankel: I’m happy to share with anyone where I’ve stayed on Starwood properties. When I go to [Motley Fool] HQ, I stay at a Starwood hotel. The real issue is credit card numbers and other identifying information like that.

The thing to know is what to do. One, take a step back. We’re not sure exactly what anybody got, or who got it, or whether it’s even going to become an issue. The important thing to do as a consumer is to be sure you’re monitoring your credit regularly. You should be doing this anyway. There are a lot of services out there that will let you monitor your credit report for free. You’re actually entitled to a free copy of each of your three major credit reports once a year. is where you get the official one. It’s a really good practice to get into it, especially a credit alert service that’ll send you an alert if a new account has opened up or a new inquiry happens. You can nip these problems in the bud before they start.

Going beyond that, what you could do is create what’s called a fraud alert on your credit. To do this, you only have to let one of the three credit bureaus know. They’re required to notify the other two. This sets an alert when credit is applied for in your name. That lender will see a fraud alert, meaning that they should take additional steps to verify that you are who you say you are. If you’re applying for a credit card and they see a fraud alert, they might ask you to send them a copy of your driver’s license, or something like that.

And if you’re really worried about your identity being stolen, and you don’t need to use your credit anytime soon, you can put what’s called a credit freeze on there. Thanks to the recent bank reform bill, that’s now free. You can create a credit freeze. You have to do that with each individual credit bureau. That will effectively prevent anybody from opening new credit in your name. What it does is locks your credit report. When someone applies for credit in your name, that lender is physically unable to pull your credit, therefore has no way to make a lending decision.

So, there are three things you could do. Just to recap, one: keep monitoring your credit, set alerts so you know exactly what’s happening at all times. Two: put a fraud alert on if you’re worried. If you’re a regular Starwood customer like I am and you’re worried that this might have affected you, a fraud alert is a great way to go. And, a credit freeze, especially if you notice anything suspicious, is the more drastic step you could take.

Moser: I like your point there about consistently and regularly monitoring your credit report. That’s something that, perhaps a time ago, may have been a little bit more difficult to do, a little bit costlier. But as you noted, there are so many different ways to go about that now. It really can be so easy. Just as an example, I have an American Express card, and they give me a little service I can subscribe to where every quarter, they give me a copy of my credit report. It costs really nothing over the course of a year. It’s something that I never have to worry about. I know, every quarter, I’m going to get a copy of my credit report, so I can see it, make sure everything is in line. If there are any discrepancies, there’s an easy way to go about trying to address it and settle.

I don’t know that people recognize, maybe at a younger age, at least, how important, how valuable an asset that credit score really is. That is something that can open up a lot of doors for you. If you don’t maintain it, if you don’t protect it and build it and grow it, you’re selling yourself short there.

Frankel: Sure. A lot of younger people also underestimate what a pain it is to fix it once your identity is actually stolen.

Moser: That’s a good point.

Frankel: Ultimately, you should be able to get everything removed from your credit report, but it can take some time and a lot of headaches, a lot of paperwork you have to fill out, police reports and things like that. You have to convince each creditor the account wasn’t actually yours. It could be a big, uphill battle. I know friends who have taken a year or more to completely clear their credit after a serious breach.

Moser: That sounds like a massive hassle. Another thing I’ve done before, I don’t do this religiously, but when I do hotels or bigger purchases like that, I tend to use a credit card as opposed to a debit card. The reason why is, if someone’s going to steal my identity — and let’s face it, we live in an age where oversharing is rampant. People are posting what they’re having for breakfast on Facebook every day and telling you what they’re doing right after. It seems like stealing someone’s identity would be pretty easy, given the status of social networking today. For me, I’ll use a credit card oftentimes as opposed to a debit card because at least if someone gets my credit card number, that’s fine. I mean, it’s not good, but at least it’s not something linked to my checking account, where they can just drain the cash out of my bank account.

At the end of the day, your bank is going to take care of you. Your credit card company is going to take care of you. But I’ve always had this little phobia about linking too many things to our checking account or a debit card, thinking that if something was hacked or stolen…you get that cash siphoned right out of your account, that’s a more pressing issue than dealing with credit card fraud. You’re not in a time crunch as much with credit card fraud, and you’re not put in a cash crunch with a credit card like you might be with a debit card or linking something to your checking account.

Frankel: Yeah, definitely. Credit cards generally have zero fraud liability. With debit cards, you have some liability. I think it’s $50 or so now. But credit cards generally have universal zero fraud liability these days. That’s definitely a good point.

Moser: Bottom line, these data breaches are going to happen. There’s nothing you can do to control that, so always keep this kind of stuff top of mind. Protect your identity, protect your credit report, your credit score. You have ways to do that. We encourage you to always keep that in mind.

Jason Moser has no position in any of the stocks mentioned. Matthew Frankel, CFP owns shares of American Express. The Motley Fool owns shares of and recommends Facebook. The Motley Fool recommends Marriott International. The Motley Fool has a disclosure policy.

By Kristina Payne February 16, 2019 24 Comments