
Marriott Confirms Breach Impacts as Many as 500 Million Guests

The recent Marriott breach could impact as many as 500 million guests.

By Laura Paine · Nov. 30, 18 · News

Marriott International has disclosed that the guest reservation database of its Starwood division has been breached, affecting as many as 500 million guests. The company has also confirmed that there has been unauthorized access to the Starwood network since 2014.

According to a report from the BBC, for roughly 327 million guests, the attacker was able to access personally identifiable information including a combination of name, address, phone number, email address, passport number, account information, date of birth, and gender. In some cases, the compromised records also included encrypted credit card information. The company is still trying to determine whether or not the encryption keys have also been stolen.

In a statement, Marriott said that on Sept. 8 of this year, it received an alert from an internal security tool that an unauthorized user had attempted to access the Starwood database in the US. An investigation into the incident confirmed that an attacker had indeed copied and encrypted the information. Marriott was able to decrypt the information to confirm that the contents were from the Starwood guest reservation database.

While it is still unclear how the attackers penetrated the organization, Chris Wysopal, co-founder and CTO of Veracode, said that the breach could have gone undetected on the network for so long because attackers are getting better at making sure their attacks don’t contain indicators of compromise (IoC).

Marriott bought Starwood, which owns brands including the W Hotels, Sheraton, Le Méridien, and Four Points by Sheraton, in 2016 to create the largest hotel chain in the world. Marriott-branded hotels use a separate reservation system on a different network.

The incident has been reported to both law enforcement and regulatory authorities, and the UK's data regulator is investigating. While Marriott is headquartered in the US, it works with and hosts European citizens, so it must ensure that it complies with GDPR. It’s anticipated that Marriott International will receive a substantial penalty because of the size and scale of the breach. Wysopal said that, given that this is one of the first major breaches under both GDPR and the new California Consumer Privacy Act, “it will be a bellwether for breaches to come.”

Marriott is emailing guests affected by the breach and will not send emails with any attachments. Additionally, the company is offering its guests a free membership to WebWatcher, a personal information monitoring service, and is instructing guests to watch their loyalty accounts, change their passwords, and check credit card statements for unauthorized activities. An informational website and call center have also been set up to support guests during the investigation.


Published at DZone with permission of Laura Paine, DZone MVB. See the original article here.
