Marriott Hack- 500m Data Records Exposed

Security experts alarmed by the scope of a data breach at the Marriott hotel empire worry that stolen information on specific hotel stays could be used for burglary, espionage or reputational attacks.

Hackers stole information on as many as 500 million guests of the Marriott hotel empire over four years, obtaining credit card and passport numbers and other personal data, including arrival and departure dates.

The crisis quickly emerged as one of the biggest data breaches on record. By comparison, last year’s Equifax hack affected more than 145 million people. A Target breach in 2013 affected more than 41 million payment card accounts and exposed contact information for more than 60 million customers.

Nearly 60 per cent of cyber-attacks target multiple components on an organisation's network, research from security firm Carbon Black states.

This supports the theory that breaches like Marriot Hotel Group hack, which involved criminals spending more than four years inside the company's system to steal 500 million customer data records over that time, may not be isolated attacks.
Tom Kellermann, chief cyber-security officer at Carbon Black said:

"It appears there had been unauthorised access to the Starwood network since 2014, demonstrating that attackers will get into an enterprise and attempt to remain undetected.

"A recent Carbon Black threat report found that nearly 60 per cent of attacks now involve lateral movement, which means attackers aren't just going after one component of an organisation - they're getting in, moving around and seeking more targets as they go."

Carbon Black's report also found that more than half of attackers now use their victim primarily for a practice known as "island hopping".

"In these campaigns, attackers first target an organisation's affiliates, often smaller companies with immature security postures and this can often be the case during a merger or acquisition," said Kellermann.

"This means that data at every point in the supply chain may be at risk, from customers, to partners and potential acquisitions."

Forrester analyst Enza Iannopollo has also called the Marriott breach an attack with "the potential to trigger the first hefty GDPR fine". "The ingredients are all here," said Iannopollo.

"The volume of personal data exfiltrated, more than 500 million customers, the sensitivity of the data, potentially including customers' passport details, name, address, and even encryption keys, and the length of the breach which started in 2014."

Computing:        Washington Post:

You Might Also Read:

Breaking Down Hotel Cybersecurity:

 

 

« AI Will Create Employment And Generate New Skills
Russian Hackers Are Using Brexit To Leverage Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

AML Solutions

AML Solutions

AML Solutions offer a full range of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) services.

SecurePay

SecurePay

SecurePay is Australia's premier payment gateway, with a range of secure online payment solutions for online retailers, SMEs and enterprise businesses.

Lanner Electronics

Lanner Electronics

Lanner Electronics is a leading hardware provider for advanced network appliances and industrial automation solutions including cyber security.

DisruptOps

DisruptOps

Built for today’s cloud-scale enterprises, DisruptOps’ Cloud Detection and Response platform automates assessment and remediation procedures of critical cloud security issues.

NanoVMs

NanoVMs

NanoVMs is the industry's only unikernel platform available today. NanoVMs runs your applications as secure, isolated virtual machines faster than bare metal installs.

NightDragon

NightDragon

NightDragon is a venture capital firm investing in innovative growth and late stage companies within the cybersecurity, safety, security, and privacy industry.

Blok Cyber Security

Blok Cyber Security

Blok provide small businesses and sole traders, with affordable, managed Cyber Security Packages that offer immediate protection and peace of mind.

Open Data Security (ODS)

Open Data Security (ODS)

Open Data Security is a market leader in the information security sector, offering services to companies, governments and individuals, helping them shield from hackers and cyber attacks.

Matrium Technologies

Matrium Technologies

Matrium Technologies has been a leading provider of technology solutions since 1991, with a strong industry background in Network Testing, Network Visibility and Security.

Mosyle

Mosyle

Businesses and educational institutions rely on Mosyle to manage and secure their Apple devices and networks.

Surfshark

Surfshark

Surfshark is a cybersecurity company focused on developing humanized privacy & security protection solutions to secure people's digital lives.

Regtank Technology

Regtank Technology

Regtank is a one-stop compliance solution for fintechs, navigating compliance, security and risk management.

AdronH

AdronH

AdronH is a company of Cyber Security consultants. We support companies and public institutions with their digital transformation to new and secure business platforms.

SeeMetrics

SeeMetrics

SeeMetrics is an automated cybersecurity performance management platform that integrates security data and business objectives into a simple interface.

Iolo

Iolo

Iolo develops patented technology and award-winning software that repairs, optimizes, and protects computers, to maximize system speed and performance while keeping them safe.