I knew I would get it. It was just a matter of time. The dreaded breach notification email from Starwood Hotels/Marriott hit my inbox this Monday. As you know, I am one that is serious about data privacy. I have received notification of data breaches of my information before, and what irks me is that none of these data breaches are a result of my fault, including this one.

This one is particularly disturbing because it includes passport numbers. This is a first for me. I am having a difficult time understanding why Starwood/Marriott would store my passport number. Why do they even have my passport number? Can’t they just ask for it when they need it and then delete it when they no longer need it? The only time I recall giving my passport number to any hotel chain is when you travel internationally, which is an uncommon occurrence.

So now that 500 million others are receiving the same breach notification I received from Starwood/Marriott, what do we do?

Here are some tips:

  • Consider a credit freeze (although this will not tell you if someone is using your passport)
  • Avail yourselves of the services being offered for free by Starwood/Marriott which is outlined in the breach notification letter
  • Check your bank and credit card statements like a hawk (this should be an ongoing activity)
  • Consider obtaining a new passport as there are no monitoring services that I know of that include a passport number (Ugh!)
  • Take a look at the tips provided to us from the FTC

I am frustrated and I know that you are too. This incident emphasizes how important it is for companies to determine why they are collecting our personal information, and how long they need it. If they don’t need it anymore, companies need to consider disposing of it so it does not put the company and us at risk.