If you’ve been paying attention to the news over the last few days, you know that both the Marriott hotel chain and New England’s own Dunkin Brands, parent of Dunkin Donuts, have announced significant data breaches.
Let’s start with the breach at Marriott. There are several worrisome things about this breach. First and foremost, early reporting is indicating that this breach may have been underway for four years, beginning sometime in 2014. This speaks to the sophistication of hackers, in that they are able to gain access to a target network and take up residence, undetected for extended periods of time. This allows hackers to harvest untold troves of data from the targeted company, in this case Marriott.
Here is what we know about this breach. The attack targeted Marriott’s Starwood Preferred Guest rewards program database. This encompasses the Marriott brands including Aloft, Design Hotels, Element, Le Méridien, Sheraton, St. Regis, The Luxury Collection, Tribute Portfolio, W Hotels and Westin. If you have stayed at one of these brands, you could be impacted.
The data exposed in this breach is also a significant concern. Early estimates indicate the private information of as many as 500 million guests may be exposed. This includes personally identifiable information potentially including passport numbers, which is a major concern. Names, mailing and email addresses, phone numbers, account numbers, reservation details and more may have been breached.
Marriott uses advanced encryption algorithms for payment card data, so the hope is that the hackers may not be able to decrypt that data and gain access to credit, debit and bank account details. Regardless, if you have stayed at a Marriott property and may have an account in the Starwood guest system, you should keep very close watch on your accounts and enable any and all fraud alert features available to you.
You should obviously change your password if you have a login to any of the Marriott brand websites. And if there is any chance that you have used the same password for other accounts, you are best to change those account passwords as well.
Now let’s turn to Dunkin Donuts and its DD Perks rewards program. This one is a bit interesting in that Dunkin Brands, the parent company of Dunkin Donuts is not saying it experienced a data breach. Rather, it is saying other data breaches may have exposed usernames and passwords that may have given hackers access to come DD Perks accounts.
The company is warning customers who are DD Perks members or use their mobile app to pay for purchases at their stores, that their accounts may be exposed. The company is also saying this issue only impacts a small percentage of customers. Here’s hoping.
Time will tell how widespread the Dunkin issue is. As with the recommendations above, if you are a DD Perks member or use the mobile app, you should change your password immediately and closely monitor your linked payment accounts.
I expect far more details on each of these breaches will be coming out in the days and weeks ahead. With online shopping and mobile apps becoming more and more prevalent every day, you need to take prudent steps to protect yourself. These breaches will unfortunately continue. It’s up to each of us to take advantage of every available precaution to safeguard ourselves for the collateral damage that these breaches bring. I know I’m a broken record, but start by using a unique password for each and every account that you have.