World-renowned hotel chain Marriott has suffered a major data security breach affecting half a billion guests.
Customers who booked reservations at Starwood properties in the US are affected. The stolen information includes names, addresses, email addresses, passport numbers, dates of birth and, in some cases, payment card numbers and expiration dates.
Arne Sorenson, Marriott president and chief executive, said in a statement: “We deeply regret this incident happened.
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
“We will also continue to support the efforts of law enforcement and to work with leading security experts to improve.
“Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”
Analysis: Mike Ianiri, cyber security expert at Equinox
Today’s breach shows the importance of penetration testing on a regular basis. If this was being done, as it should be, then this breach would have been detected years ago. There are plenty of ways hotels can beef up their security and ensure their guests’ data is protected – and failing to do so shows either incompetence, a lack of respect for guest privacy or a complete failure to understand the impacts of data breaches like these.
Updating WiFi passwords on a regular basis, separating corporate and guest WiFi, performing regular firewall tests, using sniffer tools, and providing regular social engineering training to staff are all simple steps that hotels can take to reduce the risk of a data breach.
Data breaches unfortunately do happen – but to give access to a hacker since 2014 is unacceptable for such a large corporation that holds huge amounts of data on their clients. It seems no one was taking the chain’s security seriously.