Pasar al contenido principal

Marriott International dice que un incidente de seguridad que afectó su base de datos de reservas de huéspedes Starwood expuso la información personal de hasta 500 millones de personas. Si tu información quedó expuesta, hay algunos pasos a seguir que te pueden ayudar a resguardarte contra su uso indebido.

Según Marriott, los piratas informáticos accedieron a los nombres, domicilios, números de teléfono, domicilios de email, números de pasaporte, fechas de nacimiento y género de la gente, como también a la información de la cuenta del programa de fidelidad Starwood y a los datos de las reservas. En algunos casos, también robaron los números de las tarjetas de pago y sus fechas de vencimiento. Marriott dice que los números de las tarjetas de pago estaban codificados, pero todavía no se sabe si los piratas informáticos también robaron la información necesaria para decodificar esos números.

La cadena de hoteles dice que el incidente de seguridad de datos comenzó en 2014 y que podría haber afectado a todos los que hayan hecho una reserva antes del 10 de septiembre de 2018, inclusive. La marca Starwood incluye los Hoteles W, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Le Méridien Hotels & Resorts y otros hoteles y propiedades de tiempo compartido.

La compañía estableció un sitio web informativo, https://answers.kroll.com y un centro de llamadas, 877-273-9481, para responder preguntas. La compañía dice que los clientes afectados también pueden inscribirse en un servicio gratuito por un año que hará un monitoreo de los sitios web que usen los delincuentes para compartir la información personal de la gente. Marriott dice que el servicio alertará a los clientes en caso de que su información aparezca en los sitios web, y también incluirá reembolsos por pérdidas causadas por fraude y otros servicios.

Si tu información quedó expuesta, aprovecha el servicio gratuito de monitoreo, y considera seguir los siguientes pasos adicionales:

  • Revisa tus informes de crédito de Equifax, Experian y TransUnion — gratuitamente — visitando annualcreditreport.com. Las cuentas o actividades que no reconozcas podrían ser signos de un robo de identidad. Para averiguar lo que tienes que hacer, visita RobodeIdentidad.gov.
  • Revisa detenidamente los resúmenes de cuenta de tus tarjetas de pago. Fíjate si encuentras cargos de tarjeta de crédito o débito que no reconoces. Si encuentras cargos fraudulentos, comunícate con la compañía emisora de tu tarjeta de crédito o con tu banco, reporta el fraude y solicita un nuevo número de tarjeta de pago.
  • Coloca una alerta de fraude en tus archivos de crédito. Una alerta de fraude les advierte a los otorgantes de crédito que podrías ser una víctima del robo de identidad y que deberían verificar la identidad de cualquier persona que procure tomar crédito bajo tu nombre. Colocar una alerta de fraude es gratis y dura un año.
  • Considera colocar un congelamiento de crédito gratuito en tus informes de crédito. Con un congelamiento de crédito es más difícil que alguien abra una cuenta nueva bajo tu nombre. Pero recuerda que esto no impedirá que un ladrón efectúe cargos a tus cuentas existentes.

Marriott dice que les enviará mensajes de correo electrónico a algunos clientes con un enlace con su sitio web informativo. A menudo, los estafadores que envían emails de tipo phishing tratan de sacar ventaja de situaciones como esta. Se hacen pasar por compañías legítimas y envían emails con enlaces con sitios web falsos para tratar de engañar a la gente y lograr que compartan su información personal. Marriott dice que su email no tendrá ningún archivo adjunto ni solicitud de información. De todas maneras, lo más seguro es acceder al sitio web informativo ingresando el domicilio https://answers.kroll.com en la barra de domicilio del navegador de internet.

Para más información sobre cómo protegerte después de un incidente de seguridad de datos, visita RobodeIdentidad.gov.

Search Terms
alerta de fraude
congelación
crédito
robo de identidad
seguridad en internet
Topics
Llamadas, emails y mensajes de texto indeseados

42 Comments

Twainer
December 04, 2018
This and the continuing thefts of personal data are a precise indication that Security is NOT taken seriously enough by those trusted with it! When Equifax can be hacked, it's evidence of the soft attitudes about data protection! This HAS to change! Even the little guys can set up protection against this stuff if they were so inclined. Here at least, personal data is kept OFFLINE and the ONLY time it goes online is long enough to make writes to the data, then it is immediately taken OFFLINE again. So personal data is NEVER online except for specific, very short periods of writing data! Heuristic checks run 24/7 looking for anything that is out of line with intended SW operations, internally and externally. Backups are made in real time but ONLY while the data is offline! Never allow any sensitive data to exist facing the 'net; all data are collected and when complete, the random buffer where it's stored is immediately loaded into the offline storage. And a lot more, but those are general descriptions only. We have NEVER had a breach (so far), but have caught several before they got anywhere near actual data.
ltleato
December 04, 2018
WE ARE VICTIMS OF THE MARRIOT DATA BREACH.
ken
December 04, 2018
Thank you for this information. Very useful. It is apparent that tighter control over internet information OR stricter penalties for hackers is needed.
StrongThought
September 09, 2019

En respuesta a por ken

Stricter penalties for hackers would do no good, as they are often out of the jurisdiction of those making the laws. What we need are much stricter penalties for those who are responsible for safe-guarding our information in their systems in cases where said information is leaked, whether through hacking or through any other means.
vitalis0268
December 04, 2018
I suggest thorough investigation, Marriott should be held responsible, for example, i was traveling out of the country, when i got at the airport (Dulles Airport), i was told that the plane was over booked. i was not offered any refund. they decided to check me in at Marriott Hotel till the next day, i used the hotel computer to browse, and later discovered that my identity has been compromised. too bad
Marvin Thornton
December 04, 2018
Do I contact Marriot if get affected? Or do I contact my credit card?
really?
December 04, 2018
Really? One of the largest breaches ever, and the FTC's response is to put the onus on us - the public - to fix Marriott's incompetence? Where is the penalty to the corporation that caused this breach, not to mention the aftershock effects of phishing that will no doubt come as a result of this?
FTC Staff
December 04, 2018

En respuesta a por really?

Was your information exposed? Marriott has an informational website and a call center, 877-273-9481, to answer questions. Marriott says affected customers can sign up for a year of free services that will monitor websites that criminals use to share people’s personal information. It says the service will alert customers if their information shows up on the websites, and will also include fraud loss reimbursement and other services.

If your information was exposed, take advantage of the free monitoring service, and consider taking the additional steps described in the blog.

ckl
December 05, 2018

En respuesta a por FTC Staff

Marriott still does not who was impacted; I have asked repeatedly since the issue was first reported. The website is useless and the Kroll employees have a simple script that refers you to the site and credit monitoring. Marriott’s actions are shameful and the FTC needs to force action...or be disbanded as what purpose do you serve?
freakedout
December 04, 2018
The fact that this happened 4 years and ago and your company did not even suspect a compromise. What are you doing to appease those who have been affected and the time now we must spend monitoring our credit? Why should our credit card companies be left with any potential losses and the cost to replace our credit/debit cards and thus ultimately pass this cost back to us? It was your company that didn't protect our confidential information and now we must suffer.
FTC Staff
December 04, 2018

En respuesta a por freakedout

If your information was exposed, take advantage of the free monitoring. Marriott has an informational website and a call center, 877-273-9481, to answer questions. Marriott says affected customers can sign up for a year of free services that will monitor websites that criminals use to share people’s personal information. It says the service will alert customers if their information shows up on the websites, and will also include fraud loss reimbursement and other services.

Consider the additional steps listed in the blog. They can help you spot identity theft and stop someone from opening accounts in your name.

paulhut
December 10, 2018

En respuesta a por FTC Staff

Sorry, no, one year of credit monitoring is not enough. I want lifetime monitoring and a guarantee there will be reimbursement if this data is used against me. Please step it up FTC. These guys were negligent for FOUR YEARS.
YKR
December 04, 2018
I believe virtually all fraud and cybercrime will stop automatically if banks implement simple systems they are aware of which will personalise signature, PIN and passwords to the individuals so criminals will not get tempted to use them to make easy money. I cannot think of any reason why proposed will not restore honesty can you?
Don't use your…
December 16, 2018

En respuesta a por YKR

I t a l r e d i h a p e n t o m e s o i k n w. I w u d like to get asistance on my lost profit in personal wage at list
Pissed
December 04, 2018
That explains the phone call I had today from a “Marriott Property” that I had stayed in recently that I hung up on. Bring on all the annoying phone calls that I will have to block. How do these companies get away with time after time?
SafeStay
December 04, 2018
I paid for a safe and secure stay at Marriott/Starwood/allProperties and am rewarded with Marriott advising me that I should never have give private information out to begin with...yet it is required by the chain and gov agencies. PATHETIC. that they accepted the responsibility at the time... but now it is my problem... oh yeah if I can prove it was them... Marriott might foot the bill for my new passport...maybe KROLL is the only winner in all of this.
2014 ?????????…
December 05, 2018
OR it took them 4 years to find out about it ????????????????????
Anonymous
December 05, 2018
Well done Seena and the above steps will prevent a whole lot of malpractices and prevent credit card fraud in the near future to to Marriott and its entities. Yo did good with this publication. Whoever have ears should listen/hacken to your advise I have paid $12.99 for years to keep up/track with my credit card, and that is hardly enough. It is tough out there especially with most folks being out of work/layoffs/downturns/fluctuation in the economy, anyone could have done that to Starwood Corporation out of frustration. It all comes back. Best, Gloria.
mitchell.rj2010
December 06, 2018
need to verify if breach affected me.
JY
December 05, 2018
I think the breach goes back further than 2014, because I received a spam email posing as Marriott customer service wanting to give me 2 nights free stay voucher to ANY Marriott hotel. the email was sent to my work email, which was used only once at a SPG hotel in 2008.
IA Eng
December 07, 2018
The problem with all of this is that the names of the companies change but the same result is the same. It seems to be an acceptable business practice to be hacked and throw out some blanket for a false sense of security, in terms of a one year monitoring. These companies will keep the budgets low, raise the amount of insurance coverage and then when a breach occurs, say they are sorry and "your information is important to us" or "we take this very seriously". Yeah NOW that a breach has occured you do. They ride the gravy train until it falls off the track. Then, they win back some of the money via insurance or, simply write it off as a loss the following year. What happens to the consumers? Not much, they are left to tackle these instances by themselves, with a heaping tablespoon of go here, read this and figure it out yourself. Many people behind the scenes don't get it...... they are in an IT field or other profession for years or decades. A victim of ID theft for the first time may not be as technically savvy to the ways of handling all of this. They will go to the bank, demand a new card and they think the issue is over. Thats far from the truth. The process is broken. There is no sure fire way for the corporations to be completely secure from attackers since there are many, many undocumented zero day vulnerabilities that exist. When credit card compnaies start losing billions of dollars, then they will fix a problem. Until then, its on the consumers to drop a corporation that has violated their trust. People won't do this for two reasons. They are creatures of habit, returning to their old ways and forgiving too quickly. And, since there aren't any strict governmental standards in place, or stricter card rules, standards and security, the list of hacked sites outweigh the ones still not hacked. So what do people do? A bunch of nothing, or rant and rave about a class action suit which brings them 50 bucks and another false sense of victory. Its crazy, this is accepted, and the process is so broken that eventually, some one with a brain will figure out a rule to take the ease out of the process and incorporate security once again.
mjc775
December 07, 2018
People should also change passwords on other sites if it's the same password as the one they used to login to their Marriott/Starwood online account.
Govfailingall of us
December 07, 2018
Where are the laws to stop public and private organizations from gathering information from any and all U.S., tax paying citizens?! Why is Experian still listed as one of the credit agencies accessing and holding onto our information?? Why isn't our congress representatives outraged that none of the top Experian principles have not been fired and prosecuted. Our elected represenatives and senators need to take action now!! To protect our privacy and our personal information pass a right to privacy law that punishes those that choose by neglect or purpose to violate the law! Until this occurs no ones Rights are safe going forward! Every year we are seeing more electronic devices innocently being offered as personal assistance devices. BEWARE until we have in place laws to regulate oversite of these electronic devices we are being painfully ignorant and way to trusting.
Carol K
December 09, 2018
I went to change my password and delete my payment info, and noticed my account was linked to Facebook, which I did not do. I tried to delete the link but couldn’t. What is going on? Marriott needs to fix ASAP.
NiceTry Not Myname
December 10, 2018
What a joke. Pathetic response to an unacceptable breach of trust. People... Remember... the corporations and the government DO NOT CARE about us. Protect yourself by monitoring your own credit and bank accounts. WHEN it happens, and it will, report it and move on with your life. We gave up real security when we went to a fiat currency anyway, the only reason your dollars have worth is because someone else will exchange goods for them. Look at Venezuela to figure out how badly this can go when people no longer agree on the value of a dollar.
Concerned
December 14, 2018
I received an email sending a link to accept a voucher for two night stay from Marriott as an appology for the my personal data being stolen from them. I think if I clicked the links I would get a virus or worst! Has anyone else receive this type of email?
FTC Staff
December 14, 2018

En respuesta a por Concerned

That's a scam email - delete it! Thank's for spotting that and warning people.

It's good that you didn't click on the links or reply to it. That email is from a scammer who is phishing around for information. Scammers often send emails like that after a breach. They hope people will click on the links and share personal information.

Bob
December 16, 2018
Why doesn't the FTC hold companies liable like individuals are held liable under the Privacy Act? Currently, the Act states if an individual is found guilty of violating this Act they can be fined $5,000. Take I to consideration that with 2017 national annual median income being approximately $61,000, that is about 12% of income. If that were applied to the Marriott breach.. Marriott would owe the government about $2,200,000,000, as in 2017 their annual profit was about $22,000,000,000. I think if corporations were held accountable for their actions like individual citizens are...these breaches in PII security would stop immediately.
Burned
January 05, 2019
Marriott failed it’s loyal customer base and now puts it on them to correct their failure
Concerned abou…
January 09, 2019
I've received upwards of ten phone calls originating from various area codes in the US from unknown numbers since the breach. These calls leave voice mails in possibly Mandarin or Cantonese.
Kathy S
January 13, 2019
I just received a ransom note regarding my Starwood account in the ransom note I was told exactly what my password was and what account it was associated with. They asked for $682 in bitcoin - when I went to try to change my now known password - I discovered I was locked out - not only has my password been changed, my address has also been changed so I can't even recover my password because I don't know what address they changed my account to. For the hackers to have access to my password to Starwood - and now apparently in control of my account - is really bad and extremely frustrating. I did not ever get notified by Marriott and had to find out that my information was stolen from the hackers.
Everyone is th…
February 15, 2019
I got the "We're sorry. Here is a free 2-night stay at any Marriott location." email. Turned out it was from my own IT security as a test. Cant trust anyone.
Dido
August 03, 2019

En respuesta a por Everyone is th…

I got the same stupid email. I started ignoring all my emails from my IT department, because if I click on one of them, my boss gets notified & I get written up.
Tired of calls
February 18, 2019
This breach of privacy and receiving unsolited calls
Chet Rowe
February 20, 2019
Always protect all of your personnel information.
StarwoodBreached
March 20, 2019
Anyone else receiving tons of spam since this breach occurred with major grammatical and spelling errors? I am and it seems to be pretty easy to identify them - they all contain the same verbiage; aka "envirnament" or the latest ones "Hey there, first off, thanks for the interest in our newsletters... have fun reding them"... If other starwood customers have the same issue, one would think that a paper trail exists to find the money behind the marketing campaigns that are blowing up my inbox. Does Starwood care?
Spam, baked be…
March 27, 2019

En respuesta a por StarwoodBreached

Yes, yes and yes. I have 5 of these every morning when I wake up with different subjects from completely different domains all with the same into text preview... "-- -- Hey there, first off, thanks..." I'm flagging them as spam as I get them, but there's no end in site as they're all coming from random addresses. Our emails have to be on a list somewhere feeding this trash.
mdbBoston
May 20, 2019

En respuesta a por StarwoodBreached

Yes, 3 or 4 every day . . . "Hey there, first off, ...." So annoying.
StarwoodBreachedToo
March 31, 2019
Yes, I am literally bombarded with these spam emails as well - all start the same "Hey, there..." I have been begging Comcast to do something and after weeks of being bombarded with them - no response whatsoever. Maybe we should sue Starwood for the inconvenience of having them fill up our mailboxes every day.
maj1978
May 14, 2019

En respuesta a por Me too

I am receiving these e-mails, "Hey there, first off, thanks for the interest in our newsletters, hope you have fun reding them" and it seems like there is nothing I can do to stop them. I can't block the sender as the sender's address constantly changes. HELP!!
Cmitchell
October 30, 2020
A friend of mine just got back-to-back phone calls from a company that said they were with Marriott Hotels. When someone came on the line they said they were with Vallarta Gardens but then immediately hung up after they gave the info which is located at: Carretera Federal la Cruz de Huanacaxtle Punta de Mita Km 1.2, Marina, 63734 Cruz de Huanacaxtle, Nay., Mexico Phone number is actually: Phone: +52 (329) 295 6212 Email:  info@ boutiqueprc. I am putting this up here so the FTC and the FBI can see this! According to other websites that also show this scam they don't have the info I just gave. And Marriott has claimed to have had a DATA BREACH OF 500 MILLION last December 2018 So be careful and Don't use this "Resort" If you plan to go to Mexico!!!

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

Comment Policy

This is a moderated blog; we review all comments before they are posted. We expect participants to treat each other and the bloggers with respect. We will not post comments that do not comply with our commenting policy. We may edit comments to remove links to commercial websites or personal information before posting them.

We won’t post:

  • spam or off-topic comments
  • comments that contain vulgar language, personal attacks, or offensive terms that target specific groups
  • sales pitches or promotions
  • comments that contain clearly misleading or false information
  • comments that contain personal information, like home addresses

Comments submitted to this blog become part of the public domain. To protect your privacy and the privacy of others, please do not include personal information. Also, do not use this blog to report fraud; instead, file a complaint.

Return to top