How Marriott Got Caught In A 500-Million Person Data Breach
Were You Affected? (Your Questions Answered)
What Do We Need To Know About The Marriott Breach?
Another big corporation got hooked. This time it was Marriott International. They just revealed that their Starwood reservations database of 500 million customers was hacked and that the personal information of up to 327 million guests was stolen. And, this has been going on since 2014!
How Did This Happen?
On September 8, 2018, Marriott was alerted about an attempt to access the Starwood guest reservation database.
They contacted leading security experts to help them determine what occurred. Marriott said that the hacker copied, encrypted and removed their customers’ data.
On November 19, 2018, Marriott was able to decrypt the data and learned that it was from the Starwood guest reservation database.
Marriott acknowledged that the encryption security keys for this data may have fallen into the hands of hackers. This allowed them to access the massive amount of data. Secure systems lock up data and should store the encryption keys in a location that’s separate from the confidential information.
Some good questions to ask here are:
“How did the criminals get Marriott’s encryption keys?
“Why did it take so long for Marriott to reveal the breach?” They learned about it in September which is over two months ago.
And, this was a 4-year long breach! “Why didn’t Marriott know that their customers’ data was being stolen over this long period?”
Maybe we’ll find out the answers to these questions, and perhaps not. What’s for sure is that you are on your own when it comes to protecting your confidential data.
How Do I Know If My Data Was Stolen?
If you are a Starwood Preferred Guest member and your data was stored in the Starwood property’s database (which includes Sheraton, Westin and St. Regis hotels, among others) you need to be on alert.
As mentioned, this data breach goes all the way back to 2014 and includes names, passport numbers, email addresses and payment information for approximately 327 million travelers – a “big catch” for any hacker. Even your date of birth, gender, reservation dates and communication preferences may be included in the breach.
Should I Contact Marriott?
Marriott set up a website and call center for customers who were impacted by the data breach. Email notifications are also being rolled out.
Marriott is also offering affected customers the option to enroll in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert if your personal information is found. If you live in the U.S., you’ll also be offered fraud consulting services
What Else Should I Do?
If your data was stolen, you should observe for incidents of identity theft. Also, watch for phishing emails where hackers try to impersonate someone you trust to take information or money from you.
Arrange For Security Awareness Training For Your Employees
If your business data was involved, make sure that you arrange for Security Awareness Training for your employees to train them to recognize phishing attempts. This includes:
Baseline Testing to assess the Phish-prone percentage of your employees through a free simulated phishing attack.
Training For Your Users with content that includes interactive modules, videos, games, posters, and newsletters.
Simulated Phishing Attacks that utilize best-in-class, fully automated, simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
Reports with statistics and graphs for both training and phishing for your management to review.
Whether your business was involved in the breach or not, Security Awareness Training for your employees is always a good idea.
Another good idea is to sign up for Dark Web Scanning Services.
Get Dark Web Scanning For Your Confidential Business Data
The Dark Web is a secret internet society that’s only accessible to a select group of criminals. Criminals use it to take stolen data (like the Marriott/Starwood customer information) and dump it on the black market for sale.
Dark Web Scanning is a sophisticated monitoring solution that helps businesses of any size detect cyber threats that expose their stolen business accounts, email addresses, payment information, and other confidential data that’s on the Dark Web. It also does this in real time and detects any of your compromised credentials or information before criminals can use it for profit or other crimes.
Don’t Count On The Marriott’s Of The World To Protect Your Business Data – You Must Do This Yourself
Contact us for information about Data Protection, Security Awareness Training and Dark Web Scanning. We have a Suite of IT Security Solutions to help you keep your business data secure.