This trade article repeats some of things we've heard before and some things we have not heard at all. Worth a look.
Marriott sent me along with others a notification, which was what one would expect them to do.
I felt that this was probably very troubling and traumatic for Marriott's management to have such a thing happen, so I felt a bit sorry for them. I expect that they try pretty hard to not have things like this happen.
I have pretty good email filtering and I am also not prone to be clicking on links, so I am not really that concerned about the whole situation.
Thanks for the post and the link.
What we all need to know is, the breach doesn't make it possible for someone to specifically target Marriott customers to phish. However, it does make such an attempt more effective. At the end of the day, no matter how hard anyone tries to secure customer data, a breach will happen. The most important line of defense is for each person to learn to be vigilant about unsolicited e-mails. At least look at the URL and the e-mail address of the sender before clicking on a link.