One ginormous hack!
The scale of the hack - said to be the second largest ever! - at Marriott Hotels is appalling...... and the company seemingly wanting, severely, in securing its data. The hack goes back as far as 4 years. The ramifications are enormous. Yet again, trying to rely on others to secure data relating to ourselves, is found severely deficient. Just imagine the mischief which will flow from this hack...The Wall Street Journal reports:"Marriott International on Friday disclosed one of the biggest data breaches in history, a hack in the reservation database for its Starwood properties that may have exposed the personal information of up to 500 million guests.News of the attack—rivaled only by the theft of information in 2013 and 2014 from internet company Yahoo—roiled customers of the world’s largest hotel company and lowered its stock price.
In addition to the size of the Marriott exposure, security analysts say the range of customer data potentially compromised—such as passport numbers, travel details and payment-card data—make the breach even more sensitive. Numerous regulators in the U.S. and abroad said they are monitoring the situation.
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward,” said Marriott Chief Executive Arne Sorenson, who led the company’s $13.6 billion acquisition of Starwood Hotels & Resorts Worldwide in 2016.
Marriott warned that for roughly two-thirds—or 327 million—of the guests potentially affected, an unauthorized party may have gained access to names, passport numbers and travel details. The company said that in some cases payment-card numbers are typically encrypted, though it couldn’t rule out that card information was stolen.
The company found the hacker had copied the information and encrypted it for extraction before attempting to steal it, though it wasn’t until Nov. 19 that Marriott was able to determine what information may have been accessed.Marriott said it has been working with law enforcement and regulatory authorities regarding the breach.A Federal Bureau of Investigation spokeswoman said the agency is tracking the situation and by late Friday attorneys general in several states, including New York, Illinois and Massachusetts, said they had opened investigations.
The Marriott hack joins a list of breaches to hit the hospitality industry in recent years. Security analysts say the industry is a ripe target for criminal actors because of the wealth of financial and other information flowing through payment and reservation systems. It also is a highly fragmented business, in which large companies such as Marriott and Hilton Worldwide Holdings Inc. largely license their brands to property owners who manage the hotels.In 2015, Starwood said hackers had stolen payment-card information during a data breach that lasted nearly eight months at 54 locations. Hilton, InterContinental Hotels Group and the Trump Hotel Collection also have reported data breaches in recent years.
Based on the number of individuals potentially affected, only Yahoo’s breach in 2013—impacting three billion people, or nearly the entirety of Yahoo’s user base—may be bigger, security analysts said. The hack of Yahoo in 2014 involved roughly 500 million people.
Hackers often root through computer networks for years without detection. That can make investigating a breach more difficult, as companies often don’t retain the full history of systems and network-traffic logs, said Blake Darche, co-founder and chief security officer at the cybersecurity company Area 1 Security."