Marriott Says a Data Breach Exposed 500 Million People’s Info. Here’s What You Need to Know.

Vacation is supposed to leave you feeling relaxed and rested long after it ends, but more than 500 million Marriott International guests are feeling anything but now that the company has disclosed a major data breach of its Starwood reservation database.

On Friday, the hotel giant said its Starwood reservation database might have been accessed by hackers, resulting in what could be one of the biggest consumer data leaks ever. But wait -- it gets worse. Marriott International said it received its first alert of an attempted breach in September, thanks to an internal security tool. The initial alert prompted a thorough investigation, which revealed an “unauthorized party” gained and maintained access to copied and encrypted information, starting all the way back in 2014.

For roughly four years, an unknown and unauthorized entity had access to millions of people’s information. The company said it learned the targeted information was from its Starwood database on November 19. Although everything on the database was encrypted, the hoteliers can’t rule out the possibility that the information may have been decoded.

“The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property,” Marriott said in a statement.

According to the company, give-or-take 327 million guests may have had some combination of their name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and preferred method of communication accessed.

Worse yet, Marriott has reason to believe some customers even had their credit card information stolen, though the company hasn’t confirmed this as of the initial announcement. What Marriott does know for sure is the “unauthorized party” was able to copy and encrypt information within its system “and took steps toward removing it.”

In the wake of the, the company has taken steps to address the leak and is working with authorities to get to the bottom of it. Meanwhile, there are steps you can take to find out whether your information was accessed and if so, what to do next.

Marriott set up a website for anyone worried their information might be compromised as a result of the recent hack. The site contains all the information you need to know about when the breach occurred, what kind of information was compromised and how many people were affected. Guests will receive an email notifying them if their information was stolen, starting Friday.

As a consolation for unknowingly allowing a mysterious third party to access guest’s personal information, Marriott’s giving the gift of WebWatcher. The service monitors websites that use your personal information and alert you if they plan to share it -- a fitting gift, given the circumstances. Marriott guests will get one year of WebWatcher free.

If you don’t want to wait around for an email from Marriott telling you whether your information was leaked in the breach, there are some things you can do to protect yourself. For one, change your password and make it tricky. If you think hackers are sharp enough to get into a hotel database, but can’t crack your “Password123,” think again.

Marriott also recommends that you monitor your accounts for strange activity. Check your bank, retirement, credit card, and any other financial assets you may have -- you never know where they might get you. Additionally, everyone should be wary of phishing emails asking for login details, which are likely to pop up as a result the massive breach.

Anyone else need a vacation after reading about this?