CYBER BLOG: Marriott Data Breach

CYBER BLOG: Marriott Data Breach

On Friday the US hotel chain Marriott revealed that they had been subject to a data breach involving 500 million customers. It would appear that the Starwood guest reservation system had been compromised for a four-year period.

This is a significant story due to both the number of people affected and also the apparent length of time that the attackers have been inside the system. According to reports around 327 million of the accounts include names, addresses, hotel booking dates, reservation dates, dates of birth and gender. Other details that have been accessed include credit card numbers and passport numbers.

During their investigation Marriott found a full, encrypted database online, which, once decrypted was revealed to be a copy of their entire reservation database.

Customers who have been affected should be receiving an email from Marriott to let them know what has happened and Marriott are offering to enrol affected customers into a data breach monitoring system.

It is good to see that Marriott are taking steps to protect their customers but their customers still need to be on their guard. This is something that would appear to have been going on for a significant amount of time and there are a lot of details that have been compromised. Anyone who has stayed in any of the Marriott hotels or one of their brands needs to be extra vigilant. I would expect to see an increase in phishing emails and text messages claiming to be from Marriott over the next few weeks and months. People may be expecting emails from the hotel chain and this is likely to help increase the success rate of these attacks.

Customers also need to be checking their bank and credit card statements regularly to ensure that there are no suspicious transactions on them. This should be standard practice anyway but at the moment, these checks need to be extra vigilant. If you are particularly worried, then contact your bank and request a new card.

A bigger issue may be the loss of passport numbers. The Passport Office will be less likely to issue you a new passport without charging you for it.

Finally, any affected customers need to change their Marriott password and anywhere else they may have reused that password. Now might be a good time to start using a password manager if you don’t already.

Chief Ethical Hacker, Gerry Grant

For more information and advice please email [email protected]

Related News

Member Log-In

Welcome to the SBRC Members Lounge, login details will be issued to members in due course.

Forgot password?