Marriott Data Breach May Impact 5.2 Million Guests

PUBLISHED BY
Anna Domanska



TAGS:


1 year ago




Earlier in 2018, Hotel giant Marriott disclosed that it suffered one of the most massive breaches in history. The hack compromised of invading information of 500 million people who made reservations at a Starwood hotel. On Tuesday again, Marriott revealed that it was hacked again, this time with up to 5.2 million guests at risk. However, the recent Marriott data breach doesn’t seem to be so devastating like the earlier, as sensitive information like passport numbers isn’t seen affected at all. But a major leading hotel chain getting hit twice shows just one thing – how vulnerable the customers’ data are and how bad the protection system is!

The Hack (Yes, Again)

As per the details revealed by Marriott hotel, the breach dates back to mid-January, when someone accessed ‘guest information’ with the credentials of two franchise property employees. It is still unclear whether those credentials were stolen. The data obtained includes contact details like names, email and home addresses, phone numbers, as well as gender, birthday, frequent flier numbers, loyalty account info, and hotel preferences, among others.

Mariott-Data-Breach

For the affected US residents, Marriott will compensate for a year of identity monitoring from IdentityWorks, which is managed by the credit-reporting company Experian.

Though the Marriott data breach occurred in mid-January, the hotel giant realized it towards the end of February, indicating that it remained for several weeks before getting red-flagged. After that, the hotel giant disabled the credentials, started an investigation, and forwarded emails to guests whose data is believed to have been breached. The 2018 breach of Marriott was explicitly against the reservation database of Starwood, which Marriott acquired in 2016. And the recent one began with a franchisee.

The Affected Lot

Around 5.2 million members of the Marriott Bonvoy loyalty program is believed to have been affected, although the numbers may rise. For the victims, Marriott has changed their Bonvoy account password, so that they can reset it. When they reboot, the system will prompt them to enable two-factor authentication for protecting the details. If the franchise employee’s credentials were stolen, Marriott’s is also trying to implement the same level of heightened security to its own staff as well. “Most breaches could simply be prevented with multifactor authentication,” says David Kennedy, CEO of the penetration testing and incident response consultancy TrustedSec. “For any elevated access, organizations should be leveraging enhanced security controls. Multifactor authentication should be applied to everyone. And for elevated accounts that have high levels of access, the scrutiny on security should be even more extensive.”

For the affected US residents, Marriott will compensate for a year of identity monitoring from IdentityWorks, which is managed by the credit-reporting company Experian. The visitors have time till 30 June 2020 to enroll at their site. They will need an activation code which can be found either in the notification email or Marriott’s new “Did my info get hacked” portal.

Seriousness of the Marriott Hack

The recent breach is not as severe as the earlier one, which not only breached sensitive information like passport numbers but was also part of the state-sponsored Chinese hacking campaign. However, it is still wrong, though less. “Loyalty account numbers and history, and traveler preferences, allow criminals to tailor phishing campaigns with individualized schemes that become almost impossible to detect with the naked eye,” says Sangster.

In addition to this, there is Marriott’s security system, which is in a bad light for multiple breaches. “There are outstanding questions about the security of Marriott’s APIs and how hotels are allowed to access them,” Rusty Carter, vice president at security firm Arxan Technologies says. “In the same way that a store manager balances the register each day, companies in possession of customers’ data should verify access to individuals’ information and be able to identify anomalies quickly.”

Marriott is not the first and only company to get hacked multiple times. Yahoo leads the way, with separate hacks of 500 million and 3 billion users, respectively.

Avatar
Anna Domanska
Anna Domanska is an Industry Leaders Magazine author possessing wide-range of knowledge for Business News. She is an avid reader and writer of Business and CEO Magazines and a rigorous follower of Business Leaders.

Recent Posts

Herman Miller acquires Knoll for $1.8 billion

Herman Miller acquires Knoll for $1.8 billion

Furniture design giant Herman Miller, Inc. announced its $1.8 billion acquisition of competitor Knoll Inc. on Monday. The acquisition comes at a time when the world is undergoing a
10 hours ago
What to expect from Apple’s Spring Loaded Event on April 20

What to expect from Apple’s Spring Loaded Event on April 20

On April 20, Apple CEO Tim Cook will take the stage to walk us down memory lane. The company’s ‘Spring Loaded’ event on Tuesday will usher in the launch of Apple’s next-gen
14 hours ago
Facebook’s Clubhouse clone to launch in summer

Facebook’s Clubhouse clone to launch in summer

Facebook Inc. on Monday announced it will launch several audio-centric products that can help it compete against Clubhouse, an audio-only chatting app that exploded in popularity d
14 hours ago
IBM revenue beats estimates, buoyed by cloud strength

IBM revenue beats estimates, buoyed by cloud strength

During IBM’s earnings call with analysts, Krishna said he knew that the January transformation in IBM’s strategy to invite more ecosystem partners would “take time for result
17 hours ago
Goldman Sachs invests $69 million in fintech Starling

Goldman Sachs invests $69 million in fintech Starling

Goldman Sachs Growth Equity has invested £50 million ($69 million) in UK digital bank, Starling. The investment is in addition to the bank’s oversubscribed £272 million Ser
1 day ago
Apple to launch hybrid TV set-top with speaker

Apple to launch hybrid TV set-top with speaker

Apple is bolstering its smart home devices space with the introduction of a new hybrid device— a combination of an Apple TV and a smart speaker with a screen, according to news r
2 days ago