ITP Techblog

Brought to you by IT Professionals NZ
« Back to Security & Privacy

Marriott hack: 500 million records exposed

Paul Brislen, Editor. 03 December 2018, 7:37 am

The danger of giving out critical information has once more been reinforced following news that a security breach at the Marriott hotel chain has exposed 500 million customer accounts including credit card details, "name, mailing address, phone number, email address, passport number, Starwood Preferred Guest ('SPG') account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences," says the company in a written statement.

Anyone who stayed at a number of sub-brands owned by Marriott over the past four years (including W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Méridien and Four Points) is advised to check in to the chain's emergency website to check their own details.

Staff at the hotel chain noticed unusual access activity on September 8 and managed to lock out the intruder within two days, but the true scale of the attack wasn't really understood until November 19 and wasn't reported to the public until this week.

While any payment transactions were encrypted and should be secure, the loss of so much personal data, data that is difficult if not impossible to change, is as worrying as the scale of the hack. Half a billion records, some of which may be duplicates for guests who visited repeatedly during the four-year period, puts this among the top three notified breaches, according to Associated Press. The largest, the Yahoo security breach, is now estimated at three billion records.

Marriott says it "deeply regrets" the incident, and has informed US law enforcement agencies about it, but that may not be enough to placate European agencies, particularly since the introduction of the GDPR regulations which came into effect earlier this year.





You must be logged in in order to post comments. Log In

Web Development by The Logic Studio