Skip to main content

Subject:  Recent Marriott Data Breach
Submitted for:  Information Technologies & Resources
Submitted by:  UCF Information Security Office

The Information Security Office would like to bring to your attention a recent data breach involving Starwood Hotels and Resorts, which is owned by the Marriott hotel group.  If you stayed at a Starwood property, including Westin, Sheraton, St. Regis, and others, you may be affected.

What happened?

According to the company, their guest reservation database was compromised by an unauthorized party.  The information included guests’ payment information, names, mailing addresses, phone numbers, email addresses and passport numbers.

Marriott has begun notifying affected guests via email.  A website has been set up for guests to learn more about the incident:  https://info.starwoodhotels.com/

What should I expect?

Scammers will most likely attempt to target affected users with spear phishing emails.  They will use the information in the Starwood database to craft legitimate-looking emails.

What should I do?

If you receive a notification from Marriott that you are affected, you should immediately change your password used for the website, as well as any other accounts that use the same password.

Be aware that you may receive phishing emails related to this event and treat any such emails with suspicion.  Remember not to provide personal information or account credentials to unexpected emails.

If you haven’t already done so, you may wish to freeze your credit file.  Recent federal legislation has made credit freezes free.  For more information, review the article on the FTC website at https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs

For more information on phishing, visit our Phishing Awareness page at https://infosecucfitcmsqa.smca.ucf.edu/phishing.