Marriott Data Breach May Impact 5.2 Million Guests

PUBLISHED BY
Anna Domanska



TAGS:


1 year ago




Earlier in 2018, Hotel giant Marriott disclosed that it suffered one of the most massive breaches in history. The hack compromised of invading information of 500 million people who made reservations at a Starwood hotel. On Tuesday again, Marriott revealed that it was hacked again, this time with up to 5.2 million guests at risk. However, the recent Marriott data breach doesn’t seem to be so devastating like the earlier, as sensitive information like passport numbers isn’t seen affected at all. But a major leading hotel chain getting hit twice shows just one thing – how vulnerable the customers’ data are and how bad the protection system is!

The Hack (Yes, Again)

As per the details revealed by Marriott hotel, the breach dates back to mid-January, when someone accessed ‘guest information’ with the credentials of two franchise property employees. It is still unclear whether those credentials were stolen. The data obtained includes contact details like names, email and home addresses, phone numbers, as well as gender, birthday, frequent flier numbers, loyalty account info, and hotel preferences, among others.

Mariott-Data-Breach

For the affected US residents, Marriott will compensate for a year of identity monitoring from IdentityWorks, which is managed by the credit-reporting company Experian.

Though the Marriott data breach occurred in mid-January, the hotel giant realized it towards the end of February, indicating that it remained for several weeks before getting red-flagged. After that, the hotel giant disabled the credentials, started an investigation, and forwarded emails to guests whose data is believed to have been breached. The 2018 breach of Marriott was explicitly against the reservation database of Starwood, which Marriott acquired in 2016. And the recent one began with a franchisee.

The Affected Lot

Around 5.2 million members of the Marriott Bonvoy loyalty program is believed to have been affected, although the numbers may rise. For the victims, Marriott has changed their Bonvoy account password, so that they can reset it. When they reboot, the system will prompt them to enable two-factor authentication for protecting the details. If the franchise employee’s credentials were stolen, Marriott’s is also trying to implement the same level of heightened security to its own staff as well. “Most breaches could simply be prevented with multifactor authentication,” says David Kennedy, CEO of the penetration testing and incident response consultancy TrustedSec. “For any elevated access, organizations should be leveraging enhanced security controls. Multifactor authentication should be applied to everyone. And for elevated accounts that have high levels of access, the scrutiny on security should be even more extensive.”

For the affected US residents, Marriott will compensate for a year of identity monitoring from IdentityWorks, which is managed by the credit-reporting company Experian. The visitors have time till 30 June 2020 to enroll at their site. They will need an activation code which can be found either in the notification email or Marriott’s new “Did my info get hacked” portal.

Seriousness of the Marriott Hack

The recent breach is not as severe as the earlier one, which not only breached sensitive information like passport numbers but was also part of the state-sponsored Chinese hacking campaign. However, it is still wrong, though less. “Loyalty account numbers and history, and traveler preferences, allow criminals to tailor phishing campaigns with individualized schemes that become almost impossible to detect with the naked eye,” says Sangster.

In addition to this, there is Marriott’s security system, which is in a bad light for multiple breaches. “There are outstanding questions about the security of Marriott’s APIs and how hotels are allowed to access them,” Rusty Carter, vice president at security firm Arxan Technologies says. “In the same way that a store manager balances the register each day, companies in possession of customers’ data should verify access to individuals’ information and be able to identify anomalies quickly.”

Marriott is not the first and only company to get hacked multiple times. Yahoo leads the way, with separate hacks of 500 million and 3 billion users, respectively.

Anna Domanska
Anna Domanska is an Industry Leaders Magazine author possessing wide-range of knowledge for Business News. She is an avid reader and writer of Business and CEO Magazines and a rigorous follower of Business Leaders.

Recent Posts

Ford sees surprise Q2 profit despite chip shortage and manufacturing hassles

Ford sees surprise Q2 profit despite chip shortage and manufacturing hassles

“The business is ‘spring loaded’ for a rebound when semiconductor supplies stabilize and more closely match demand.”
2 hours ago
Audi A6 E-tron Production Launch in 2023

Audi A6 E-tron Production Launch in 2023

Audi has confirmed that there will be multiple variants of the etron, including “basic versions optimized for minimum consumption and maximum range.
19 hours ago
Royal Dutch Shell buyback lifts investor sentiment

Royal Dutch Shell buyback lifts investor sentiment

Royal Dutch Shell commences share buybacks before the end of this year while reducing its first quarter dividend to 16 cents per share, a 66% cut.
20 hours ago
Citizens Financial to acquire Investors Bancorp in $3.5 billion NYC push

Citizens Financial to acquire Investors Bancorp in $3.5 billion NYC push

Citizens Financial Group, Inc. and Investors Bancorp announced today that they have entered into a definitive agreement and plan of merger in a cash-and-stock deal worth $3.5 billi
2 days ago
Apple Q3 Earnings Break Records Again!

Apple Q3 Earnings Break Records Again!

Apple Q3 earnings prove the Cupertino giant remains unaffected by the Covid-19 pandemic as sales rise across all product lines.
2 days ago
Strong iPhone 12 sales could boost Apple’s Q3 2021 earnings

Strong iPhone 12 sales could boost Apple’s Q3 2021 earnings

Will Apple manage to post solid earnings in Q3 2021? Here’s what Wall Street’s top analysts have to say ahead of Apple’s Q3 2021 earnings report today.
3 days ago