David Kennedy:

Well, first and foremost, we don't know the extent of this breach. But it's safe to say that passwords were probably compromised when it comes to this as well.

So if you had a Starwood account from 2014 up until September of this year, it's important to note that to change your password, but, most importantly, if you use that password anywhere else, we see very commonly, when large data breaches like this occur — there was one with LinkedIn, a number of other ones that have occurred — attackers have tools that automatically log into all of these different sites to try those passwords you have associated with those e-mail addresses.

So if you're using that same password somewhere else, heavily recommend changing that immediately. Additionally, credit monitoring does do a good amount of service. You can actually call the credit bureaus and lock your credit, so that things can't be taken out in advance.

And that's a good precautionary measure, not just for this specific breach, but just in general. There's also services like LifeLock, for example, which you have a $1 million insurance policy in case somebody actually does take out and steal your identity and uses it for fraudulent activity. They will help you fix that credit, and also give you monitors for things that are occurring out there.

And last but not least, the most — one of the most important steps that we see out there is, your financial institutions, your social media accounts, things like that have additional settings that you have that you can log into your site with, and put what's called two-factor authentication in place.

And these are steps that allow you to give you a one-time text message to your phone that you answer when you log into your sites. And think about that. If a hacker gets access to your password, they still don't have access to your account because they don't own your phone.

And that's one of the best steps out there today to stopping a lot of these different types of password attacks that we see happening.