Marriott Data Breach Compromises the Data of 500 Million Customers


Marriott Data Breach Compromises the Data of 500 Million Customers - Marriott Data Breach Compromises the Data of 500 Million Customers

Marriott International has announced a massive data breach focused on the online reservation network of its Starwood Hotels brand. The unauthorized access allegedly spanned from 2014 to this November and compromised the Starwood Preferred Guest names, mailing addresses, phone numbers, email addresses, passport numbers and account information of nearly 500 million customers. In addition, some credit card numbers and expiration dates were exposed, although initial audits indicate these payment card numbers remained encrypted.

It is not yet clear how exactly the breach occurred. But in September, an internal cybersecurity assessment alerted Marriott employees that unauthorized parties may have copied and encrypted customer information. In addition to Starwood Hotels, other affected brands were Westin, Sheraton, Four Points by Sheraton, The Luxury Collection, W Hotels, St. Regis, Le Méridien, Aloft, Element, Tribute Portfolio and Design Hotels.

While the announcement of this breach shouldn’t come as a surprise to cybersecurity professionals and privacy advocates, the impact has manifested itself in surprising ways. On Friday, November 30, immediately after the news was published, Marriott stock fell about 5%, underscoring the fact that data breaches and identity theft can negatively impact even a famous brand’s reputation and business performance.

More details are sure to emerge both about the breach itself and Marriott’s efforts to contain the damage, which could result in huge cleanup costs and civil and/or criminal penalties. Many cybersecurity experts believe this breach could be the first real test of tough new GDPR regulations, which require companies to notify government agencies of a known hack within 72 hours.

Right now, the number of customers affected by this Marriott breach is staggering and ranks close to some of the worst data breaches in history. These include Yahoo and Equifax; The latter company, a credit bureau, has spent $400 million on recovery efforts after its own breach that affected 148 million people.

As of this writing, Marriott had established a dedicated website and call center to handle requests from guests who are concerned about the theft of their personal information. Marriott said it would reach out to affected customers and announced its plan to offer customers in the United States, Canada and the United Kingdom free registration for a year with Web Watcher, a service that tracks black market sites trading stolen information.

Without knowing exactly what caused this violation, CMIT Solutions recommends the following strategies if you believe you or your business may be affected by the Marriott violation:

See more new articles in category: GUIDES
Leave a comment