Data Breach and Fraud Alerts
Check here for information about common scams, data breaches and other security threats.
Updates on known data breaches
Marriott International - Starwood Guest Reservation Database
November 30, 2018
On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott quickly engaged leading security experts to help determine what occurred. Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014. Marriott recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.
Marriott has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property. For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information. Marriott reported this incident to law enforcement and continues to support their investigation.
For additional information, please visit https://answers.kroll.com/
Cheddar's Scratch Kitchen
August 22, 2018
On August 16, 2018, Darden Restaurants was notified by federal authorities that a legacy point-of-sale system of certain Cheddar's Scratch Kitchen restaurants, a concept acquired by Darden in 2017, may have been compromised in a cyberattack incident involving restaurants in 23 states.
Those affected can call 888-258-7280 for more information about identity protection services being offered.
For more information, visit Cheddar's customer notification page.
Chili’s® Grill & Bar
May 24, 2018
According to Brinker International, some Chili’s restaurants have been impacted by a data incident, which may have resulted in unauthorized access or acquisition of payment card data.
On May 11, 2018, the Company learned that some payment card information was compromised at certain Chili’s restaurants as the result of a data incident. The investigation into this incident is ongoing; however, based on the details currently uncovered, the company believes that malware was used to gather payment card information including credit or debit card numbers and cardholder names, and potentially expiration dates and CVV codes from its payment-related systems for in-restaurant purchases. It is believed that the data incident was limited to between March – April 2018; however, we continue to assess the scope of the incident.
For additional information about the breach or the free identity theft protection plan Chili's is offering its customers, please visit http://brinker.mediaroom.com/ChilisDataIncident.
Surrey Bank & Trust will contact our customers whose cards were compromised as a result of this incident. Please remember that we will not ask for passwords, pin numbers or other confidential information.
September 7, 2017
According to Equifax, the company's database was breached through a vulnerability on its website, exposing the personal information of an estimated 143 million people. The company thinks the hack happened some time between mid-May and the end of July.
If you have a credit record, you should visit Equifax’s website, www.equifaxsecurity2017.com.
- Find out if your information was exposed. Click on the “Potential Impact” tab and enter your last name and the last six digits of your Social Security number. Your Social Security number is sensitive information, so make sure you’re on a secure computer and an encrypted network connection any time you enter it. The site will tell you if you’ve been affected by this breach.
- Whether or not your information was exposed, U.S. consumers can get a year of free credit monitoring and other services. The site will give you a date when you can come back to enroll. Write down the date and come back to the site and click “Enroll” on that date. You have until November 21, 2017 to enroll.
- You also can access frequently asked questions at the site.
North Carolina residents may also obtain information from the North Carolina Attorney General's office:
9001 Mail Service Center
Raleigh, NC 27699-9001