Marriott faces data breach fallout

The Marriott hotel group has announced that it has fallen victim to one of the largest data breaches in history as data was stolen over the course of 4 years.

Posted in Cyber-Security, Ransomware, Uncategorized ● 6 Dec 2018

Marriott faces fallout from one of the largest security breaches in history

Security incidents and data breaches have been making headline news during 2018. The number of high-profile incidents, and of people affected, has been on the rise – and the Marriott hotel empire is currently dealing with one of the largest security breaches in history.

“Marriott has taken measures to investigate and address a data security incident involving the Starwood guest reservation database.  On November 19, 2018, the investigation determined that there was unauthorized access to the database, which contained guest information relating to reservations at Starwood properties* on or before September 10, 2018.”

 

Marriott’s ‘data security incident’ reportedly affected up to 500 million people, making it one of the largest data breaches in history. An investigation found that the guest reservation system of the Starwood Division of Marriott hotels, which includes brands W Hotels, Aloft Hotels and Sheraton Hotels, had been “compromised” since 2014. The personal data stolen in the breach is said to include:

  • Names
  • Email addresses
  • Phone numbers
  • Passport information
  • Dates of birth
  • Hotel-specific booking information

Also targeted were the credit card and payment details of up to 327 million people. However, this information was encrypted, and it is not yet known whether the two components needed to descramble the numbers were also stolen.

The fallout

The Marriott group of hotels notified law enforcement and the relevant regulatory authorities including the Information Commissioner’s Office (ICO) in the UK. While the breach may take some time to investigate internally and externally, the result is likely to be costly for the organisation. The GDPR in the UK could see the organisation fined 4% of global revenue, and this would be in addition to any fines levied in the United States or by other countries where citizens have been affected by the breach.

In a statement, the UK’s Information Commissioner’s Office said: “We have received a data breach report from Marriott involving its Starwood Hotels and will be making enquiries. If anyone has concerns about how their data has been handled they can report these concerns to us.”

Marriott have set up a dedicated website and call centre to help deal with the fallout of the breach and advise those who may have been affected. In addition, they have contacted those affected via email.

In Marriott’s statement on the breach, President and CEO Arne Sorenson said:

“We deeply regret this incident happened… We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”

 

Cyber-security incidents on the rise

While hacks such as this one make huge headlines, due to the number of people that are directly affected, there are many cyber-security incidents that are increasing in volume. One of the fastest growing cyber-security threats to all organisations is ransomware, which in 2017 grew in volume by 350% across the globe.

A ransomware attack is when hackers or cyber-criminals gain unauthorised access to systems and then encrypt the data, demanding that a ransom be paid for the data to be decrypted.

Ransoms are often paid using crypto-currencies, making them hard to trace, and can range in value from a few hundred pounds to millions. Paying a ransom is also no guarantee of data being decrypted and returned safely; some strains of malware and ransomware are designed to simply delete data after a ransom has been paid.

Cyber-security researchers have also reported an increase in the volume of other types of cyber-security attack such as phishing attacks that often lead to larger scale hacks and breaches. In a global security report analysing data over a 10-year period, it was found that 26% of spam emails now contain malware strains and that phishing attacks and social engineering account for 55% of workplace compromises.
