Starwood, Marriott, Hyatt got hacked: What you need to know

If you’ve recently stayed at a hotel, now might be a good time to check your credit card statement.

On Aug. 12, HEI Hotels and Resorts reported a data breach that could have exposed the names, card account numbers, expiration dates and verification codes of thousands of customers. The breach affected at least 20 of the 43 Starwood (HOT), Marriott (MAR), Hyatt (H) and Intercontinental Hotels (IHG) operated by HEI.

According to a notice on its site, HEI discovered the breach after receiving an alert from its card processor. A subsequent investigation found that malicious software was installed in payment processing systems used at restaurants, bars, spas and lobby shops.

It’s hard to pinpoint how many people were affected, but Chris Daly, a spokesperson for HEI, says it could be in the tens of thousands. “About 8,000 transactions occurred during the affected period at the Hyatt Centric Santa Barbara hotel in California, and about 12,800 at the IHG Intercontinental in Tampa, Florida,” Daly told Reuters. “The number of customers affected is difficult to calculate because they might have used their cards multiple times.”

The malware was installed in some hotels as early as March 1, 2016, with a large number of properties coming under attack in December 2015. The breach was active until June 21, 2016.

Multiple properties were affected, including Starwood Westin hotels in Minneapolis; Pasadena, Calif.; Philadelphia; Snowmass, Colo.; Washington, D.C.; and Fort Lauderdale, Fla. The breach also affected Starwood properties in Arlington, Va.; Manchester Village, Vt.; San Francisco; Miami; and Nashville.

Marriott hotels in Boca Raton, Fla.; Dallas-Fort Worth; Chicago; San Diego; and Minneapolis were also affected by the breach.

According to HEI, the company is cooperating with law enforcement to do a thorough investigation, and is working with banks and payment card companies to correct any issues. HEI also said it’s reviewing and enhancing security measures.

How do you know if your credit card was among those hacked? The majority of states have laws that require consumers to be notified if there is a security breach where personal information is at risk. (Alabama, New Mexico and South Dakota are the only three states where this rule doesn’t apply.) However, HEI says that it does not have the information needed to locate potentially affected customers. So if you think you were affected by the breach, it’s important to contact your bank or card issuer immediately.

Going forward, here are some tips to keep our personal information safe.

1. Review credit and debit card account statements

Do this as soon as possible. Check to see if there are any discrepancies or unusual activity listed. You’ll want to look at past statements, but it’s also important to keep an eye on future statements as well. If you see anything that looks suspicious, or you suspect fraudulent activity, contact the card issuer immediately.

2. Credit is better than debit

Both credit cards and debit cards typically come with a zero-liability policy, meant to protect consumers from fraudulent and unauthorized charges. If credit card data is stolen, most issuers are able to straighten out the account and issue a new credit card within a few days – and the cardholder is not liable for any unauthorized transactions. The same can’t be said for debit cards. For instance, in 2007, TJ Maxx had a massive data breach that resulted in $150 million in losses. Credit card users felt little impact, but in an interview with Bankrate, Frank Abagnale, a secure document consultant, revealed that it took some debit card holders three months to get reimbursed.

If you’re concerned with the possibility of having a depleted bank account if a breach occurs, it’s safer to use your credit card for daily purchases and pay off the balance every month.

3. Check your credit report

The three major credit bureaus (TransUnion, Equifax and Experian) each offer a free credit report every year. It’s a good idea to check your report annually to ensure there is no debt that doesn’t belong to you. Finding unknown debt or suspicious activity could indicate fraud.

Brittany Jones-Cooper is a writer for Yahoo Finance.

Read more:

Add to your travel fund with these money-saving tips

The best ways to travel the world for free

How a bright red vintage trailer inspired a young couple’s business

Advertisement