After a Data Breach: What You Don’t Know Can Hurt You

Here we go again. Marriott announced that their Starwood Hotels reservation data base, which includes all Marriott, Westin, Sheraton, W, St. Regis, Four Points, Aloft, Le Méridien, Tribute, Design, Element and Luxury Collection hotels, has been compromised. This breach, one of the largest in history, exposed the personal information of approximately half a billion people. According to Marriott, hackers gained access to the Starwood data in 2014, but the company only recently discovered the problem. The breach included 327 million records of “some combination” of names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, dates of birth, gender, and hotel booking information. Consumers’ credit card data was also stolen.

At this point, Americans should assume that if their identity wasn’t compromised after the Equifax breach, it has been now. And given that about 40% of hotel leisure travelers are 55 and older1, the threat of our parents being targeted is very real.

What should you do? Keeping an eye on your family’s finances is challenging enough. The thought that our parents’ personal and financial information is also at risk is deeply concerning. The good news is that there are simple steps you can take to protect yourself and your loved ones.

It’s important to recognize that there is a good deal of misunderstanding about credit monitoring and its limitations in preventing fraud.

1. Initiating a fraud alert, credit freeze, or credit lock with credit bureaus provides only partial protection.
As a former prosecutor, I investigated hundreds of cases involving financial abuse, elder exploitation and identity theft. These included scams, stolen checks and credit/debit cards, forgery, illegal wire transfers, unauthorized investments, power of attorney abuse, and more. What is one thing that most of these cases had in common? Evidence of the abuse often never appeared in the victim’s credit report. Consequently, filing a fraud alert or credit freeze would not have prevented these offenses.

2. Credit monitoring will not identify potential fraud across all financial accounts.
Stolen personal data and credit card information can be used to purchase expensive goods, book vacations, file phony tax returns, withdraw or transfer funds, and open unauthorized depository accounts. Notably, these are not events that will appear in the victim’s credit report or be identified and flagged by most credit monitoring services.

3. Monitoring all financial accounts—not just credit based activity—will provide consumers and their loved ones with more comprehensive protection.
In addition to changing passwords on all accounts, consumers should monitor all financial accounts, credit cards, and credit reports for erratic activity. Technology services can serve as an essential tool for alerting consumers, caregivers, and professionals to potential fraud in the wake of a massive breach. Fintech can analyze data across accounts (checking, savings, investment, retirement, loans, lines of credit, and credit cards) and institutions on a daily basis—while also keeping an eye on the same information for loved ones. Tech based services can also scan the Dark Web regularly to identify the exposure of stolen personal information, including social security numbers, email addresses, passport numbers, credit and debit card numbers, and more.


Future data breaches are inevitable. But family members and professionals can take proactive steps to protect all of their loved ones’ accounts and personal information—beyond a credit freeze.

Liz Loewy is a former NYC prosecutor and currently Chief Operating Officer of EverSafe, a fraud monitoring service focused on the financial health of seniors and families

1 https://www.ahla.com/sites/default/files/Lodging_Industry_Trends_2015.pdf