Marriott Hack- 500m Data Records Exposed

Uploaded on 2018-12-03 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Security experts alarmed by the scope of a data breach at the Marriott hotel empire worry that stolen information on specific hotel stays could be used for burglary, espionage or reputational attacks.

Hackers stole information on as many as 500 million guests of the Marriott hotel empire over four years, obtaining credit card and passport numbers and other personal data, including arrival and departure dates.

The crisis quickly emerged as one of the biggest data breaches on record. By comparison, last year’s Equifax hack affected more than 145 million people. A Target breach in 2013 affected more than 41 million payment card accounts and exposed contact information for more than 60 million customers.

Nearly 60 per cent of cyber-attacks target multiple components on an organisation's network, research from security firm Carbon Black states.

This supports the theory that breaches like Marriot Hotel Group hack, which involved criminals spending more than four years inside the company's system to steal 500 million customer data records over that time, may not be isolated attacks.
Tom Kellermann, chief cyber-security officer at Carbon Black said:

"It appears there had been unauthorised access to the Starwood network since 2014, demonstrating that attackers will get into an enterprise and attempt to remain undetected.

"A recent Carbon Black threat report found that nearly 60 per cent of attacks now involve lateral movement, which means attackers aren't just going after one component of an organisation - they're getting in, moving around and seeking more targets as they go."

Carbon Black's report also found that more than half of attackers now use their victim primarily for a practice known as "island hopping".

"In these campaigns, attackers first target an organisation's affiliates, often smaller companies with immature security postures and this can often be the case during a merger or acquisition," said Kellermann.

"This means that data at every point in the supply chain may be at risk, from customers, to partners and potential acquisitions."

Forrester analyst Enza Iannopollo has also called the Marriott breach an attack with "the potential to trigger the first hefty GDPR fine". "The ingredients are all here," said Iannopollo.

"The volume of personal data exfiltrated, more than 500 million customers, the sensitivity of the data, potentially including customers' passport details, name, address, and even encryption keys, and the length of the breach which started in 2014."

Computing:        Washington Post:

You Might Also Read:

Breaking Down Hotel Cybersecurity:

 

 

« AI Will Create Employment And Generate New Skills
Russian Hackers Are Using Brexit To Leverage Cyber Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Silicom Denmark

Silicom Denmark

Silicom Denmark is a premier developer and supplier of FPGA-based interface cards for cyber-security, telecommss, financial trading and other sectors.

Radiflow

Radiflow

Radiflow is a leading provider of cyber security solutions for critical infrastructure networks (i.e. SCADA), such as power utilities, oil & gas, water and others.

Steganos

Steganos

Steganos offers highly secure and easy to use software tools that protect and secure on and offline data.

RIGCERT

RIGCERT

RIGCERT provides training, audit and certification services for multiple fields including Information Security.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

Digital Management (DMI)

Digital Management (DMI)

DMI is a provider of mobile enterprise, business intelligence and cybersecurity services.

Humming Heads

Humming Heads

Humming Heads offers a complete solution to fight the advanced threats that target a company's endpoints and servers.

US Marine Corps Forces Cyberspace Command (MARFORCYBER)

US Marine Corps Forces Cyberspace Command (MARFORCYBER)

US Marine Corps Forces Cyberspace Command (MARFORCYBER) conducts full spectrum military cyberspace operations in order to enable freedom of action in cyberspace and deny the same to the adversary.

Coralogix

Coralogix

Coralogix are rebuilding the path to observability using a real-time streaming analytics pipeline that provides monitoring, visualization, and alerting capabilities without the burden of indexing.

Avint

Avint

Avint delivers transformational cybersecurity solutions that help both commercial and government entities achieve mission success.

AirDroid Business

AirDroid Business

AirDroid Business is an efficient mobile device management solution for Android devices, helping businesses to remotely control and access devices in large quantities using a centralized approach.

inWebo

inWebo

inWebo is the specialist in multi-factor strong authentication (MFA). We guarantee the security of data and identities in a digital world with increasingly important economic and political stakes.

Commission Nationale de l'Informatique et des Libertés (CNIL)

Commission Nationale de l'Informatique et des Libertés (CNIL)

The mission of CNIL is to protect personal data, support innovation, and preserve individual liberties.

Raito

Raito

Raito's unique solution integrates with the data development process and lets data teams monitor, manage, and automate data security across the data stack.

Evolve Business Group

Evolve Business Group

Evolve is an independently-owned managed network solutions provider, creating bespoke packages for customers globally since 2005.

LEPHISH

LEPHISH

LePhish is a French cybersecurity solution specializing in automated phishing campaigns.