Updated: November 30, 2018

Marriott International has disclosed a data security incident that has compromised the information of as many as 500 million guests, exposing in some cases credit card numbers, passport numbers and birthdates, the company said today.

Alarming security analysts, Marriott said that unauthorized access to data at the hotels, once run by Starwood, has been taking place since 2014.

The affected hotel brands operated by Starwood before it was acquired by Marriott in 2016 include W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Méridien and Four Points. Starwood branded timeshare properties are also included.

There are 34 Starwood hotels and timeshares in Hawaii, including well-known properties such as The Royal Hawaiian, Sheraton Waikiki, Moana Surfrider and the Ritz-Carlton Residences, Waikiki Beach.

None of the Marriott-branded chains are threatened.

Credit card numbers and expiration dates of some guests may have been taken, according to the company. For as many as two-thirds of those affected, data exposed could include mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences. For some guests, the information was limited to name and sometimes other data such as mailing address, email address or other information.

What you can do

We encourage you to monitor your accounts frequently and to immediately report any unauthorized transactions.  Marriott has set up a website and call center for anyone who thinks that they are at risk.

Additional Resources:

Frequently Asked Questions

Please review the following information to better understand how this breach may affect you and ways you can monitor and protect yourself from fraud.

Do I need to be worried about my UHFCU accounts?

Your UHFCU debit and credit card are protected by Zero-Liability protection.  You should always be cautious and review your accounts on a regular basis.  With that being said, it’s a great opportunity to take advantage of account alerts, Online Banking, and Mobile Banking.  Also, the best way we can serve you is by having your current e-mail and mobile phone number.

What information was compromised?

According to Equifax, the following was compromised: “The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.  In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed.”

I don’t appear to be part of the breach but what can I do to monitor my accounts and credit history?

The best way to do this is by checking your UHFCU account regularly via Online Banking and our Mobile Banking app, as well as accounts at any other financial institutions.  We also recommend setting up account alerts to notify you about transactions on your accounts.  In addition, you can pull a copy of your credit report from each major bureau once per year at www.annualcreditreport.com.  We recommend doing this on a regular basis to keep an eye out for any unauthorized or unusual activity.  Equifax has also recommended monitoring personal information using the Federal Trade Commission’s website, www.ftc.gov/idtheft, to obtain information about steps you can take to better protect against identity theft as well as information about fraud alerts and security freezes.

What if I notice unauthorized or unusual activity on my UHFCU account?

Please contact us as soon as possible, and we’ll take the appropriate steps to file a dispute or fraud report on your behalf.