5 ways to protect your identity after the Marriott breach


At Bankrate we strive to help you make smarter financial decisions. While we adhere to strict , this post may contain references to products from our partners. Here’s an explanation for

The content on this page is accurate as of the posting date; however, some of the offers mentioned may have expired.

Yesterday, Marriott confirmed a data breach involving the personal information of 5.2 million guests — its second such incident since a November 2018 breach involving up to 500 million Starwood guests.

The international hotel chain said in a statement that guest data was potentially first accessed by hackers in January 2020 using the login information of two hotel employees, only to be discovered toward the tail end of February 2020.

According to Marriott, information that may have been compromised includes guest email addresses, phone numbers, loyalty account numbers, personal details and more. If you’re concerned that your identity may be at risk, here are five ways to protect yourself.

1. Don’t hesitate: Freeze your credit

Thanks to the Economic Growth, Regulatory Relief, and Consumer Protection Act, there is no longer a charge to freeze your credit, also known as a “security freeze.” A credit freeze may protect you if someone tries to apply for credit in your name using information they accessed during a breach. Every data breach is another reminder that you should take advantage of this.

2. Monitor accounts and your credit

Proactively monitoring your accounts and credit report allows you to catch unusual activity early on.

If you suspect your credit card numbers and expiration dates may have been compromised, you may want to talk to your financial institution about getting a new credit or debit card number issued. At the very least, it’s smart to have text, email or mobile notifications of purchases and to monitor your accounts on a daily basis for potential fraudulent activity.

While you’re generally not liable for fraudulent credit card charges, identity thieves are becoming more sophisticated. And, if you don’t discover a bogus charge, you’ll pay.

3. Add new layers of security

Safeguard your accounts by enrolling in two-factor authentication, which would require you to log on using both a password and a one-time code sent to your smartphone. That would make it more difficult for a criminal to gain access.

Many Americans fail to understand two-factor authentication. Only 10 percent could identify it correctly in a 2017 survey by the Pew Research Center.

You’ll also want to set up a PIN code with your wireless provider, so a customer service agent wouldn’t be tricked into allowing a hacker to commandeer your phone.

And, establish a system with financial advisers who have access to your investment accounts so it would take more than just a simple email from you to get them to wire money from your funds.

Adding a verbal password to your account can also add another layer of security. Most financial institutions will allow you to add one. The representative should ask you for this verbal password when you call on the phone or visit in person, depending on that institution’s policies. But be warned, if you forget this verbal password, you’ll likely have to go through a lot of work to prove your identity. As with all passwords, keep these unique and hard for others to guess. Also, if the institution doesn’t ask for the verbal password or makes it too easy to reset, this method won’t protect you.

4. Be careful with your taxes

Identity thieves don’t stop with credit cards. In 2019, the IRS received 199,000 reports identity theft from taxpayers. One way to remain vigilant when it comes to protecting yourself from identity theft is to file your return as early as possible and change your withholding to lower a potential refund.

If you think you’re the victim of fraud, file the identity-theft affidavit, Form 14039, with the IRS.

5. Watch your emails and snail mail

Hackers also may use stolen information to send you a phishing email – a note that looks legitimate but contains links to malware.

It’s usually better to go directly to the website via your browser rather than clicking on a link, if possible.

Fraudsters can use these emails to get you to click on encryption ransomware, which can block you from accessing your photos and other sensitive files until you agree to pay a ransom to regain access. Backing up your data on a hard drive is key.

Get into the habit of reading emails carefully before responding, paying special attention to the sender. A scammer might hide behind a name that looks familiar, but the spelling will be off by a letter or two.

Give the same close attention to any “explanation of benefits letters” you receive from your health insurance company.