Industry Leaders And Cybersecurity Experts Insight On Marriott International Data Breach

By   ISBuzz Team
Writer , Information Security Buzz | Apr 01, 2020 02:27 am PST

The Marriott International hotel chain has fallen victim to its second major data breach in as many years, after information of 5.2 million guests was accessed using the login credentials of two employees at a franchise property.

Compromised information may involve contact details, including postal and email addresses and phone numbers; information relating to customer loyalty accounts, but not passwords; personal details such as employers, gender and birth dates; partnerships and affiliations, such as details of linked airline loyalty programs; and guest preferences, such as room preferences and languages.

Notify of
24 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Tim Sadler
Tim Sadler , CEO
InfoSec Expert
April 3, 2020 12:13 pm

Marriott customers should now be alert to the fact that they could receive targeted phishing scams from hackers impersonating the hotel group, leveraging the information they have stolen to steal payment details or account passwords. If you receive a suspicious email that asks you to carry out an urgent action, do not comply with the request, click the link or download any attachments. Contact the hotel directly to verify whether the request is legitimate.

Last edited 3 years ago by Tim Sadler
Becky Nicholson
Becky Nicholson , Data Privacy Consultant
InfoSec Expert
April 2, 2020 6:56 pm

With the sheer volume of data breaches in recent time, we’re at risk of becoming numb to the danger these attacks pose. All organisations, including Marriott International, must take steps to protect their systems and ultimately customer data. This means taking basic steps such as putting in place regular security assessments, a strong patching and password policy, and enforcement of multi-factor authentication on every public facing system. These are not silver bullets but can go a long way to improving security.

Technical defence is still paramount, and in particular, regular penetration testing is vital. But it is also just as important to test employee awareness. Employees will always be the weakest link but with the right education can be an organisation’s biggest asset in terms of defence. Such employee awareness training can also be measured by regular phishing or red team assessments.

Last edited 3 years ago by Becky Nicholson
Chris DeRamus
Chris DeRamus , VP of Technology Cloud Security Practice
InfoSec Expert
April 2, 2020 6:36 pm

Hotels collect personally identifiable information (PII) and other highly sensitive data on their guests. As such, hospitality organizations are an attractive target for cybercriminals. This is Marriott’s second major breach reported in recent years, and this time, the breach appears to have occurred due to compromised employee credentials. While this breach didn’t affect nearly as many hotel guests than the incident back in 2018, the exposed information includes guests’ contact details, employer, gender, birthday, as well as Marriott loyalty program account information and airline loyalty program information, which is more than enough for bad actors to leverage and launch extremely tailored phishing attacks aimed at the impacted guests.

To protect customer data, enterprises must adopt a least privilege access across cloud environments, including a robust approach to identity and access management (IAM). In these environments, everything has an identity – users, applications, services, and systems. Organizations must implement multi-factor authentication (MFA) for all users, securely manage service accounts and their corresponding keys, enforce least privileged access, and enforce best practices for the use of audit logs and cloud logging roles.

Last edited 3 years ago by Chris DeRamus
Andrew Hollister
Andrew Hollister , Director
InfoSec Expert
April 2, 2020 6:28 pm

A global company like Marriott, which collects massive amounts of personal information about its guests, will always be an attractive target for bad actors. Whilst this is the second data breach Marriott has reported in the last two years, there are some positives to draw from the statement released today.

In the previous incident in 2018, Marriott detected signs of unauthorized activity going back four years. In this new case, the activity appears to have begun in January 2020 and been detected during the course of February 2020. This is a significant improvement in time to detect and respond to a data breach. Whilst a significant number of records has been breached, the reduced time to detect has no doubt contributed to the number being substantially lower than on the previous occasion.

This latest data breach just goes to show that continuing vigilance is required to keep reducing the time to detect and respond to threats, and that real reductions in impact can be made with focus on this issue which affects every company on the globe which holds personal information.

Last edited 3 years ago by Andrew Hollister
Rahul Kashyap
Rahul Kashyap , President and CEO
InfoSec Expert
April 1, 2020 8:24 pm

The Marriott breach is an example of how every attack these days is an insider attack in some way—whether the insider is acting maliciously themselves, or has had their credentials stolen. Most organizations lose the battle against insider attacks when it comes to the time it takes them to discover the threat since the actions often blend in with normal day-to-day activities. To Marriott’s credit, it appears an excessive amount of access by two individuals within its organization stood out as a red flag. For others looking to learn from their example, however, spotting this type of outlier activity is likely becoming more difficult as work habits shift due to the Covid-19 pandemic.

Last edited 3 years ago by Rahul Kashyap

Recent Posts

Would love your thoughts, please comment.x