Remember meForgot password?
    Log in with Twitter

article imageHotel giant Marriott International suffers new data breach Special

By Tim Sandle     Apr 2, 2020 in Business
Marriott International, the hotel group that consists of the global chains Marriott, St Regis and The Ritz-Carlton, has suffered a major cybersecurity breach. The breach has led to customer data being exposed.
This is the second major data breach impacting on the Marriott Hotel group. With the previous incident back in 2018 (which was reported on by Digital Journal), Marriott detected signs of unauthorized activity going back some four years. With the new case, the activity seems to have begun in January 2020 and the incident has been detected during the course of February 2020.
In terms of details about the incident, Computer Weekly summarizes that the login credentials of two employees at a franchise hotel property were used to access the personal information relating to over 5 million customers. The data extended to contact details and personal data, loyalty account information, and guest preferences. This is the type of personal identifying information that can be exploited by rogue actors.
The dangers are with the breach, according to Peter Goldstein, CTO and co-founder of Valimail, that hackers will quickly seek to exploit the information. Goldstein tells Digital Journal: “It would not be a surprise if the breached data of 5.2 million Marriott International hotel guests was used by cybercriminals to commit effective phishing attacks."
He adds that: "For attackers, knowing customers’ contact details, birthdays, and loyalty program information means their social engineering attacks can be highly tailored and therefore all the more convincing, especially if leveraging brand impersonation tactics."
In terms of the form that future attacks might take, Goldstein explains: “Phishing campaigns often follow soon after breaches like this, targeting the victims with fake security warnings that look like they came from the breached company. In fact, 83 percent of phishing emails overall are brand or company impersonations."
And the implications of this are: "If successful, this can lead to account takeover, identity theft and other scams that may affect an individual for years to come. As phish become increasingly hard to identify, email security solutions based on validating sender identity are a powerful defense that can help thwart these attacks at their source.”
In a statement, quoted by CBR, a Marriott spokesperson says: “At the end of February 2020, the company identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. The company believes that this activity started in mid-January 2020. Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.”
More about Marriott, Data breach, Cybersecurity
Latest News
Top News