The Marriott Data Breach
The recently announced data breach of the Marriott is a major incident involving around 500 million records, ranging from credit card details, passports, email addresses, phone numbers and other customer-related information.
Current information suggests the attack was commenced a number of years ago in 2014, giving the attackers ample time to choose information to be extracted an exploited.
We thought we would use this Blog to bring together the latest news stories to provide an overview of this significant breach, which may be in the top three compromises of all time.
Marriott's Starwood hack hits up to 500 mln customers
AFR, 1 December 2018
New York | Marriott International said hackers accessed up to 500 million customer records in its Starwood Hotels reservation system in an attack that began four years ago, exposing data including passport numbers and payment cards.
Shares fell 6 percent on news of the hack, one of the largest in history, which prompted regulators in Britain and at least five US states to launch investigations.
The Federal Bureau of Investigation said it was looking into the attack on Starwood, whose brands include Sheraton, St. Regis, W and Westin hotels. It advised affected customers to check for identity fraud and report it to the bureau's Internet Crime Complaint Center.
The hack began in 2014, a year before Marriott offered to buy Starwood to create the world's largest hotel operator. The $US13.6 billion deal closed in September 2016.
Massive data breach at Marriott's hotels
Channel 9 News, 1 December 2018
The Marriott hotel chain has reported a data breach affecting the personal details of up to half a billion guests who made reservations at its Starwood properties.
The US company has determined there was unauthorised access to the reservation database of its Starwood division of hotels.
The discovery came as part of an investigation earlier this month, which had been looking at a cyber attack dating back to 2014, a statement on Friday said.
The company believes the breach affected "up to approximately 500 million guests who made a reservation at a Starwood property".
For around 327 million of those people, the duplicated information includes some combination of name, address, phone number, email, passport number, and other personal details, as well as details of their stay, the statement said. Read more
Marriott's Starwood hotels hacked, compromising 500 million guests
ABC, 1 December 2018
The personal information of as many as 500 million people staying at Starwood hotels has been compromised as Marriott says it has uncovered unauthorised access taking place within its Starwood network since 2014.
The company said on Friday that credit card numbers and expiration dates of some guests may have been taken.
For as many as two-thirds of those affected, data exposed could include mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences.
For some guests, the information was limited to name and sometimes other data such as mailing address, email address or other information. Read more
500 million Marriott customers have had their data hacked after staying at hotels including W, Sheraton, and Westin
Business Insider, 1 December 2018
Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.
Marriott announced Friday that it had “taken measures to investigate and address a data security incident” that it said stemmed from its Starwood guest-authorization database.
The company said it thought about 500 million people’s information was accessed, including an unspecified number who had their credit-card details taken.
Marriott said that the unauthorised access had been going on since 2014 and that the breach affected customers who made bookings on or before September 10.
Marriott faces massive data breach expenses even with cybersecurity insurance
ZDNet, 1 December 2018
Marriott's total tab for a data breach affecting as many as 500 million consumers is going to cost billions of dollars over the next few years, based on the average cost of megabreaches.
Marriott's disclosure of a data breach impacting as many as 500 million consumers is going to result in technology, security, and legal expenses for years to come -- and the tab is likely to be in the billions of dollars. Read more