The Marriott breach: why it’s bad and what you can do to protect yourself

Media Releases

Media Contacts
Mike Litt

Director, Consumer Campaign, U.S. PIRG Education Fund


“The Marriott breach raises serious questions about Marriott’s data security and its response. For starters, how did Marriott’s data breach go unnoticed for four years?

Marriott should do a better job explaining the risks posed by its breach and what consumers can do to protect themselves.

Marriott is offering a free service for a year that will alert you if your personal information is found on websites that share stolen info. However, even in the absence of an alert, consumers should act as if their personal information is already out there.

Some of the 500 million customers affected appear to have had their credit or debit  card numbers stolen. These consumers are at risk for existing account fraud and should consider requesting a new card. All consumers should check their monthly credit card and bank statements.

Other pieces of information stolen in this breach, including dates of birth, do not appear usable for identity theft or fraud on their own. But this information could pose serious threats if coupled with more valuable personal information, such as Social Security numbers, stolen in other breaches or from phishing scams.

Here are steps you can take to protect yourself from  fraud:

  • New Account Fraud (including cell phone, credit card, loan and utilities accounts): Get credit freezes at all three nationwide credit bureaus — Equifax, Experian, and TransUnion.

  • Tax Refund Fraud: File your taxes as soon as possible, before thieves do. Also, if you qualify, get an Identity Protection (IP) PIN.

  • Health Care Services/Medical Benefits Fraud: Sign up for online accounts with your health care and insurance providers to periodically check for any fraudulent services on your statements.

  • Phishing Scams: Ignore unsolicited requests for information by email, links, phone calls, pop-up windows or text messages. Marriott will notify its affected customers about its breach by email ([email protected]) and has said it will not ask for personal information or include attachments.

More tips for protecting yourself from identity theft and fraud are available here.”


U.S. PIRG (Public Interest Research Group) Education Fund is an independent, non-partisan group that works for consumers and the public interest. Through research, public education and outreach, we serve as counterweights to the influence of powerful special interests that threaten our health, safety, or well-being.