Muncie, In. — A Ball State University professor is recommending that people change their credit card numbers and be on alert for identify theft if they fear they are victims of a major security breach involving Marriott International.
Marriott International, the world’s largest hotel chain, announced earlier today that a breach of its Starwood reservation database may have affected up to 500 million guests. It is potentially one of the largest breaches of consumer data ever.
“Data breaches of personal information including credit data are becoming commonplace in the U.S. and, as consumers, we have a right to be weary of it,” said Rebecca Hammons, a professor in the Center for Information and Communication Sciences (CICS) at Ball State. “Today’s disclosure by Starwood, parent of many hotel and property chains including Marriott, of the unauthorized access to millions of users’ data is reminiscent of recent Anthem and Target hacks.
“As consumers, we have a right to credible and detailed information from Starwood. For example, if the nearly four years of unauthorized access was discovered in September, why is it still unclear who engineered the hack and their possible motivations? This could, for example, be a situation of mismanaged internal user access controls. Understanding such information can reduce consumer uncertainty and anxiety.”
Hammons, who is a Starwood customer, says the risk of misuse of her data is low due to the four-year timeframe during which unauthorized parties had access to her data.
“That said, I will change my credit card number today to prevent fraud, and I will be on alert for any identity theft activities. That’s my stance as an impacted consumer. From a collective position, consumers should press for greater legal protections for personal data.”
Hammons also suggests that consumers who travel frequently use a single credit card with a manageable limit for such travel needs and memberships, whether it is airlines, hotels, rental cars, or ride-sharing or other such services.
“This makes it easier to quickly shut down any fraudulent activities, and many card services will reach out to you if their algorithms detect unusual activity. If you use a specific credit card with Starwood properties for your travel, you might proactively contact your card service provider and change your card number, despite the inconvenience of updating your online use of the current card as a method of payment.”
Hammons has extensive technology industry experience in establishing and leading software quality assurance, product development lifecycle services, and project management teams.
“As consumers, we should be outraged by the seemingly endless flow of such breaches in the U.S.,” she said. “We must lobby our legislators at the state and federal levels to pursue protections such as those provided to European Union residents through GDPR (General Data Protection Regulations) that enable greater consequences to companies for failing to implement best practices in assuring the security of our personal data.
“Given that Starwood has a global clientele, it is very likely that they will be subjected to GDPR regulations and potential fines, which became effective last May. We should have similar protections in the U.S., yet our data security protections significantly lag other developed countries. In this matter, we should be consumer-driven and not business-driven in our laws.”