Marriott Hack: 500m Data Records Exposed

Security experts alarmed by the scope of a data breach at the Marriott hotel empire worry that stolen information on specific hotel stays could be used for burglary, espionage or reputational attacks.

Hackers stole information on as many as 500 million guests of the Marriott hotel empire over four years, obtaining credit card and passport numbers and other personal data, including arrival and departure dates.

The crisis quickly emerged as one of the biggest data breaches on record. By comparison, last year’s Equifax hack affected more than 145 million people. A Target breach in 2013 affected more than 41 million payment card accounts and exposed contact information for more than 60 million customers.

Nearly 60 per cent of cyber-attacks target multiple components on an organisation's network, research from security firm Carbon Black states.

This supports the theory that breaches like the Marriott Hotel Group hack, in which criminals spent more than four years inside the company's system and stole 500 million customer data records over that time, may not be isolated attacks.

Tom Kellermann, chief cyber-security officer at Carbon Black, said:

"It appears there had been unauthorised access to the Starwood network since 2014, demonstrating that attackers will get into an enterprise and attempt to remain undetected.

"A recent Carbon Black threat report found that nearly 60 per cent of attacks now involve lateral movement, which means attackers aren't just going after one component of an organisation - they're getting in, moving around and seeking more targets as they go."

Carbon Black's report also found that more than half of attackers now use their victim primarily for a practice known as "island hopping".

"In these campaigns, attackers first target an organisation's affiliates, often smaller companies with immature security postures and this can often be the case during a merger or acquisition," said Kellermann.

"This means that data at every point in the supply chain may be at risk, from customers, to partners and potential acquisitions."

Forrester analyst Enza Iannopollo has also called the Marriott breach an attack with "the potential to trigger the first hefty GDPR fine". "The ingredients are all here," said Iannopollo.

"The volume of personal data exfiltrated, more than 500 million customers, the sensitivity of the data, potentially including customers' passport details, name, address, and even encryption keys, and the length of the breach which started in 2014."

Sources: Computing, Washington Post
