Another day, another data breach: Starwood Hotels has announced that malware was discovered on some of its point-of-sale systems, allowing hackers to get access to customers’ payment card numbers, expiration dates and security codes. Altogether, 54 hotels across the country were affected, including Sheraton, Westin, and W hotels. If you stayed in a Starwood-owned hotel between Nov. 7, 2014, and Oct. 23 2015, check this list to see if your payment card information was exposed.
But even if a hacker got your payment card number, there’s little reason to panic. The worst case scenario is that a fraudster uses your credit card number and rings up bills in your name. If that happens, all you have to do is read your next credit card statement and report any fraudulent charges to your financial institution — and you won’t pay a cent for what the scammers purchased. The old card will simply then be canceled, and your financial institution will mail you a new one.
That’s because under the law, if a criminal uses your card number but not your physical card, you’re not liable for any fraudulent purchases that you report within 60 days. That’s true for both credit and debit cards, though recovering your money after a debit card is breached can be a bigger hassle because the money has already been taken from your account. If a criminal uses your credit card, you’ll never have to pay the bill.
Starwood is also offering affected customers free identity protection and credit monitoring for one year. If you’re eligible, go ahead and take it. But beware — credit monitoring does little to protect you after a breach like this. Credit monitoring only lets you know if an identity thief has opened a new account in your name, which these hackers can’t do, because no Social Security numbers were exposed. Credit monitoring does not let you know if a hacker is using your credit card, which is the main concern here.
The only thing you have to do to make sure a criminal isn’t using your payment card is read your statement, this month and every month. And don’t worry too much if your information was leaked — you’ll get your money back.