SAN FRANCISCO (KGO) -- It will take a long time to determine who was behind the Starwood Hotels and Resorts breach. While Marriott, which owns Starwood, discovered the breach in September and announced it Friday, the hack extends back to 2014.
The director of UC Berkeley's Center for Long-term Cybersecurity says many people might shrug this off, a form of "breach fatigue". But director Steve Weber says it's worth paying close attention to the intentions of the hackers.
RELATED: What to do if you think you might be impacted by the Marriott data breach
"One view is it's a criminal gang who intends to sell that data on the black market for profit. It could also be a nation-state actor. Governments are very interested in knowing where particular people were and what hotels they stayed in, at what times of the year and for what events so there are national security implications as well. "
As for consumers, marketing experts expect Marriott to move quickly to notify those whose data was compromised and offer free credit tracking services.
But San Francisco State University marketing professor Sanjit Sengupta said, " I also think there will be some kind of reward or reinforcement for loyalty. I think it's important. Maybe a free weekend at one of their properties for every person. It's going to cost them. "
RELATED: Here's how Marriott is responding to data breach that could impact 500 million customers
Weber said there are only two kinds of companies in the world-- those that have been breached and those that will be breached.
"Your numbers are in it, my numbers are in it, anyone who's ever stayed at a Starwood our in it but much of that data is already out there on the black web. It's been stolen from other sources."
Experts warn to watch out for secondary phishing scams claiming to help you secure your Marriott data. In the current climate, they maintain each individual has to take responsibility for monitoring their own financial affairs online.
Could Starwood hotel hack pose national security threat?
CONSUMER CATCH-UP: IRS debuts anti-identity theft website, Uber gets new permit for testing self-driving cars, and Phillips Hue lightbulbs found to have flaw that hackers can exploit