Marriott (Starwood) Data Breach

Written by Josh Brown, VP Director of Security at The Fauquier Bank

On November 30, 2018 the Marriott hotel chain announced there had been a breach of its Starwood Preferred Guest reservation system. The breach had lasted about four years and compromised the information of about 500 million guests.  How many of the records exposed involved payment information?  Marriott is only saying “For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption…”  This would indicate that the exposure of payment information may not be likely.  As we know from experience, the information can change as the investigation continues.

The Fauquier Bank is researching to find any debit cards that may have been swept up in that compromise. As with any of the major data breaches reported in the news over the last several years, there are distinct steps you can take, and ways in which TFB will protect your money.

Pay attention to your statement.

If you find a suspicious transaction, report it to a TFB Customer Service Representative as soon as possible. If it is reported within 60 days of the charge, you will be reimbursed,

Update your record.

Do we have your current cellphone number? We are upgrading our systems that detect suspicious transactions so that we can contact you through a text message.  Making sure we have your current cellphone number in the system will ensure timely notification and enhance our ability to limit what the fraudsters can do.

Use the app.

With the TFB app, you can set limits for where your card can work and for how much. You can block certain types of merchants, or just limit transactions outside of a certain area.  You can even turn it off and on to prevent use when not authorized.

Take advantage of help Marriot is offering.

Marriott is offering a free one-year enrollment in WebWatcher, which monitors sites where personal information is sold on the dark web. Once enrolled, you will be notified if your information is found for sale.  Here is a link to the Marriott announcement: