For some time now, Marriott, one of the largest hotel chains in the world, has been running its “Golden Rule” campaign to promote kindness and treating others in a positive manner. However, it has now become apparent that Marriott needs to institute such a plan for cybersecurity across its chain.
A massive data breach has hit the company, underscoring the need for all businesses to better protect customers’ confidential information.
The hack, which was discovered on September 8, did not impact customers of the Marriott brand itself. Instead, the Marriott-owned Starwood Hotels and Resorts Worldwide was the target of the attack. (Marriott obtained the Starwood brand in 2016.) This particular brand includes Four Points by Sheraton, St. Regis, Westin and W Hotels as well as Sheraton’s timeshares.
One of the Largest Cybersecurity Breaches in History
The data breach is being called one of the “largest cybersecurity breaches in history” as it consists of data from 500 million customers. Marriott said it discovered unauthorized access dating all the way back to 2014.
For most of those affected, the breach includes some (or all) of the following information:
- Name
- Phone Number
- Street Address
- Email Address
- Passport Number
- Date of Birth
- Gender
- Starwood Preferred Guest account numbers
- Reservation information including arrival and departure dates.
In addition, some of the hacked customers had their credit card numbers and expiration dates stolen in the breach. Although Marriott has been very clear that the stolen credit card numbers were encrypted, they said they cannot determine if the numbers had been decrypted by the hackers.
The Marriott Breach Has Cyber Security Experts Alarmed
Many cybersecurity experts are concerned about the sensitive nature of this information, which could be used to create false banking accounts. Those affected are encouraged to freeze their accounts and contact credit agencies to monitor their credit reports for unusual activity. In addition, Marriott has set up a special website to help those with questions about the breach.
It remains to be seen if other hackers may try to further exploit this attack with their own phishing schemes.
The breach is already being investigated by law enforcement in three states – Massachusetts, New York, and Pennsylvania.
Marriott’s Breach Leaves Opportunities for More Attacks
Individuals may receive a malicious email message appearing to be from Marriott, encouraging victims to go to a special link to learn more about the attack. However, clicking this link will take victims to a fake landing page that will either steal their information or download malware onto their computers. Additionally, hackers may use some of the data (such as names and emails) to specifically target those already affected. KnowBe4, an INSUREtrust vendor partner, is creating templates to mirror these types of phishing attacks so IT departments can test employee vulnerability to this threat.
Cybersecurity Planning, Prevention and Quick Response Are Critical
These types of attacks are all too common. Successful attacks against corporate giants like Yahoo, Equifax, and now Marriott illustrate that no company, even one with a large IT budget, is immune from cyber threats.