WASHINGTON, D.C. — Consumer Reports says the massive data breach of Marriott-owned Starwood hotels is the latest reminder that government and industry need to step up and do more to protect consumers’ personal information.
Justin Brookman, director of privacy and technology policy for Consumer Reports, said, “We see breach after breach, and they generate a lot of headlines, but they still haven’t generated enough action by government and industry to curb the problem and hold companies accountable. The details of the Marriott breach are still rolling out, but the size alone is another reminder of why we need Congress and states to put stronger data security requirements in place for companies that collect so much private information about us. Fewer than half the states have general data security requirements, and federal protections are unclear and contested.
“This breach doesn’t seem to include unencrypted financial information, so for many people, this breach might not be covered by their state’s breach notification laws. Your travel history includes private information that you might not want the world to know, such as where you stayed and when. Proposed federal data breach notification laws wouldn’t cover this type of information either, and would actually keep states from passing new notification laws to cover this and other new types of data breaches. If Congress does pass federal breach notification legislation, it needs to allow the states to innovate and pass their own laws to respond to new types of threats.
“Even if Marriott isn’t required by law to notify every user affected by the breach, we hope it would proactively reach out on its own to let each affected customer know exactly what information about them was compromised,” Brookman said.
Consumer Reports offers some steps for consumers to consider in response to the news about the Marriott breach:
- Monitor your own financial information on a regular basis, including your credit card bills, bank statements and your credit report.
- Consider a credit freeze to make it harder for cyber criminals to apply for loans, credit cards, and wireless phones using your personal information. Marriott has said that it has not detected that credit card data was compromised, but they’re also still in the process of exploring the scope of the breach.
- Be wary of spear phishing scams. The very specific data included in this breach–including travel history–can be used by cyber criminals to lull victims into a scam. So be aware of e-mails and callers using this kind of information.
- Going forward be as stingy as possible with your personal information. Consider the risk-reward before you sign up for affinity programs like hotel rewards programs. And whenever possible, decline to offer personal information. When that information is required, using burner e-mail and phone information, or even your work accounts and numbers, rather than your personal information
Contact: David Butler, dbutler@consumer.org, 202-462-6262
Consumer Reports is an independent, nonprofit membership organization that works side by side with consumers to create a fairer, safer, and healthier world. For 80 years, CR has provided evidence-based product testing and ratings, rigorous research, hard-hitting investigative journalism, public education, and steadfast policy action on behalf of consumers’ interests. Unconstrained by advertising or other commercial influences, CR has exposed landmark public health and safety issues and strives to be a catalyst for pro-consumer changes in the marketplace. From championing responsible auto safety standards, to winning food and water protections, to enhancing healthcare quality, to fighting back against predatory lenders in the financial markets, Consumer Reports has always been on the front lines, raising the voices of consumers