Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.
Recently, the Marriott hotel chain announced that it had suffered a major data breach involving its Starwood guest reservation database. Starwood is a group of hotels bought by Marriott in 2016 and includes such well known hotel chains as the St. Regis, Westin, Sheraton and W Hotels. The data breach was discovered in early September 2018 by Marriott, but had been ongoing since 2014. The total number of people affected by the breach is estimated to be an astounding 500 million. 327 million had personal information stolen, including names, phone numbers, email addresses, and birth dates. Millions more also had credit card information compromised. Marriott and law enforcement authorities are investigating the matter, which appears to be the work of Chinese state hackers.
Marriott has set up a website with updated information about the data breach. If you stayed at a Starwood hotel between 2014 and now you should check out the website for more information.
It is an unfortunate fact of life that regardless of how careful you are about protecting the security and privacy of your personal information, you are only as safe as the companies and government agencies with the weakest security. You may have not stayed at a Starwood hotel in the last four years, but chances are you are among the millions of people whose personal information was compromised by data breaches at Equifax, Orbitz, eBay, Premera Blue Cross, Anthem, Lord & Taylor, Saks Fifth Avenue, T-Mobile, Hyatt, Brooks Brothers, Chipotle, Neiman Marcus, Arby’s, Staples, Kmart, Dairy Queen, Home Depot or Target, to name just a few.
With many companies and governmental agencies failing to take proper security measures to protect your data, it is truly more a question of when, not if, will your personal information be stolen by hackers. The threat of identity theft posed by a data breach is very much dependent on which personal information was stolen. At its most benign, email addresses or other similar information may be used by hackers to formulate spear phishing emails and text messages to lure you into clicking on malware-infected links. At its worst, such as in the Equifax data breach, sensitive personal information such as your Social Security number can be used directly to make you a victim of identity theft.
Protect Yourself Against Data Breaches
Taking the security precautions listed below can help prevent you from becoming a victim of identity theft.
- As much as possible, limit the amount of personal information that you provide to companies and institutions with which you do business. Your doctor’s office may ask for your Social Security number as a means of identification, but they have no legal need for it.
- Protect your own personal electronic devices, such as your computer and cell phone, by always promptly updating all of the programs you use when new updates or security patches become available.
- Don’t use your debit card for purchases because the liability protections for fraudulent use of your debit card are not as strong as those for credit cards. Limit your debit card use to your ATM.
- Use strong, unique passwords for all of your accounts so that if your password is compromised at one company, all of your accounts are not in jeopardy.
- Use dual factor authentication whenever you can for added security. With dual factor authentication, your online account cannot be accessed without a special code that is sent to your cell phone. This prevents someone accessing your account from a different device than you usually use.
- Regularly monitor your credit reports for indications of identity theft. Some companies charge for this service, but there are a number of good, free credit monitoring services available as well.
- Be skeptical of any email asking for personal information or prompting you to click on a link. Never provide such information or click on links until you have confirmed that the email is legitimate.
- Freeze your credit reports if you have not already done so. Freezing your reports is still the best single act you can do to protect yourself from becoming an identity theft victim and since federal legislation went into effect in September, you can freeze and unfreeze your credit reports for free.
- Visit Have I Been Pwned, a helpful website that tracks data breaches and whether you have been affected by them.
Become a Saturday Evening Post member and enjoy unlimited access. Subscribe now
