Marriott Data Breach May Impact 5.2 Million Guests

PUBLISHED BY
Anna Domanska



TAGS:


2 years ago




Earlier in 2018, Hotel giant Marriott disclosed that it suffered one of the most massive breaches in history. The hack compromised of invading information of 500 million people who made reservations at a Starwood hotel. On Tuesday again, Marriott revealed that it was hacked again, this time with up to 5.2 million guests at risk. However, the recent Marriott data breach doesn’t seem to be so devastating like the earlier, as sensitive information like passport numbers isn’t seen affected at all. But a major leading hotel chain getting hit twice shows just one thing – how vulnerable the customers’ data are and how bad the protection system is!

The Hack (Yes, Again)

As per the details revealed by Marriott hotel, the breach dates back to mid-January, when someone accessed ‘guest information’ with the credentials of two franchise property employees. It is still unclear whether those credentials were stolen. The data obtained includes contact details like names, email and home addresses, phone numbers, as well as gender, birthday, frequent flier numbers, loyalty account info, and hotel preferences, among others.

Mariott-Data-Breach

For the affected US residents, Marriott will compensate for a year of identity monitoring from IdentityWorks, which is managed by the credit-reporting company Experian.

Though the Marriott data breach occurred in mid-January, the hotel giant realized it towards the end of February, indicating that it remained for several weeks before getting red-flagged. After that, the hotel giant disabled the credentials, started an investigation, and forwarded emails to guests whose data is believed to have been breached. The 2018 breach of Marriott was explicitly against the reservation database of Starwood, which Marriott acquired in 2016. And the recent one began with a franchisee.

The Affected Lot

Around 5.2 million members of the Marriott Bonvoy loyalty program is believed to have been affected, although the numbers may rise. For the victims, Marriott has changed their Bonvoy account password, so that they can reset it. When they reboot, the system will prompt them to enable two-factor authentication for protecting the details. If the franchise employee’s credentials were stolen, Marriott’s is also trying to implement the same level of heightened security to its own staff as well. “Most breaches could simply be prevented with multifactor authentication,” says David Kennedy, CEO of the penetration testing and incident response consultancy TrustedSec. “For any elevated access, organizations should be leveraging enhanced security controls. Multifactor authentication should be applied to everyone. And for elevated accounts that have high levels of access, the scrutiny on security should be even more extensive.”

For the affected US residents, Marriott will compensate for a year of identity monitoring from IdentityWorks, which is managed by the credit-reporting company Experian. The visitors have time till 30 June 2020 to enroll at their site. They will need an activation code which can be found either in the notification email or Marriott’s new “Did my info get hacked” portal.

Seriousness of the Marriott Hack

The recent breach is not as severe as the earlier one, which not only breached sensitive information like passport numbers but was also part of the state-sponsored Chinese hacking campaign. However, it is still wrong, though less. “Loyalty account numbers and history, and traveler preferences, allow criminals to tailor phishing campaigns with individualized schemes that become almost impossible to detect with the naked eye,” says Sangster.

In addition to this, there is Marriott’s security system, which is in a bad light for multiple breaches. “There are outstanding questions about the security of Marriott’s APIs and how hotels are allowed to access them,” Rusty Carter, vice president at security firm Arxan Technologies says. “In the same way that a store manager balances the register each day, companies in possession of customers’ data should verify access to individuals’ information and be able to identify anomalies quickly.”

Marriott is not the first and only company to get hacked multiple times. Yahoo leads the way, with separate hacks of 500 million and 3 billion users, respectively.

Anna Domanska
Anna Domanska is an Industry Leaders Magazine author possessing wide-range of knowledge for Business News. She is an avid reader and writer of Business and CEO Magazines and a rigorous follower of Business Leaders.

Recent Posts

Amazon under Congressional scrutiny for pushing own products over others

Amazon under Congressional scrutiny for pushing own products over others

US judiciary Antitrust Committee writes a letter saying that Amazon is given time till November 1 to prove that it utilizes seller data available to create competing products and p
4 hours ago
Porsche’s Taycan EV outsells ICE powered its 911 sports car

Porsche’s Taycan EV outsells ICE powered its 911 sports car

The Porsche Taycan EV has outsold the Porsche 911 sports car for the first time since it was introduced in 2019 by the German automaker.
1 day ago
Tesla expected to make a killing in Bitcoin profits in next earning report

Tesla expected to make a killing in Bitcoin profits in next earning report

The price of Bitcoins has rallied to another high in October after hitting around $64,800 in April. This time it has hit over $58,000 on Oct. 14.
2 days ago
Tesla Cybertruck V/s Rivian’s R1T

Tesla Cybertruck V/s Rivian’s R1T

The Tesla Cyberturck left many disappointed with its alien space ship-like design; though both trucks are still under production, what matters most is what comes under the hood.
3 days ago
College sports is multibillion dollar industry in the US

College sports is multibillion dollar industry in the US

According to data analyzed by GOBankingRates, head football coaches, closely followed by basketball coaches, easily rack up seven-figure salaries in the US.
4 days ago
Top women influencers in finance and wealth management

Top women influencers in finance and wealth management

It is only in the last century or so that women have been publicly acknowledged for their roles as leaders in various fields. Here’s a list of women influencers by Industry Leade
5 days ago