Marriott face fallout from one of largest security breaches in history
Security incidents and data breaches have been making headline news during 2018. The number of high-profile incidents and people affected have been on the rise – and the Marriott hotel empire are currently dealing with one of the largest security breaches in history.
“Marriott has taken measures to investigate and address a data security incident involving the Starwood guest reservation database. On November 19, 2018, the investigation determined that there was unauthorized access to the database, which contained guest information relating to reservations at Starwood properties* on or before September 10, 2018.”
Marriott’s ‘data security incident’ reportedly affected up to 500 million people, making it one of the largest data breaches in history. An investigation found that the guest reservation system of the Starwood Division of Marriott hotels, which includes brands W Hotels, Aloft Hotels and Sheraton Hotels, had been “compromised” since 2014. The personal data stolen in the breach is said to include:
- Email addresses
- Phone numbers
- Passport information
- Dates of birth
- Hotel-specific booking information
Also targeted were the credit card and payment details of up to 327 million people. However, this information was encrypted and it is not yet known if the two components needed to descramble the numbers was also stolen.
The Marriott group of hotels notified law enforcement and the relevant regulatory authorities including the Information Commissioner’s Office (ICO) in the UK. While the breach may take some time to investigate internally and externally, the result is likely to be costly for the organisation. The GDPR in the UK could see the organisation fined 4% of global revenue, and this would be in addition to any fines levied in the United States or by other countries where citizens have been affected by the breach.
In a statement, the UK’s Information Commissioner’s Office said: “We have received a data breach report from Marriott involving its Starwood Hotels and will be making enquiries. If anyone has concerns about how their data has been handled they can report these concerns to us.”
Marriott have set up a dedicated website and call centre to help deal with the fallout of the breach and advise those who may have been affected. In addition, they have contacted those affected via email.
In Marriott’s statement around the breach, President and CEO, Arne Sorenson has said:
“We deeply regret this incident happened… We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
Cyber-security incidents on the rise
While hacks such as this one make huge headlines, due to the number of people that are directly affected, there are many cyber-security incidents that are increasing in volume. One of the fastest growing cyber-security threats to all organisations is ransomware, which in 2017 grew in volume by 350% across the globe.
A Ransomware attack is when hackers or cyber-criminals manage to gain unauthorised access to systems and then encrypt the data, demanding a ransom is paid for the data to be unencrypted.
Ransoms are often paid using crypto-currencies, making them hard to trace, and can range in value from a few hundred pounds to millions. Paying a ransom is also no guarantee of data being decrypted and returned safely; some strains of malware and ransomware are designed to simply delete data after a ransom has been paid.
Cyber-security researchers have also reported an increase in the volume of other types of cyber-security attack such as phishing attacks that often lead to larger scale hacks and breaches. In a global security report analysing data over a 10-year period, it was found that 26% of spam emails now contain malware strains and that phishing attacks and social engineering account for 55% of workplace compromises.