Have you stayed at a Marriott this past summer? Ongoing investigations are uncovering the details of the latest data breach impacting about 500 million people.
Dated As Far Back As…2014?
The breach was found on September 10, 2018 but unauthorized access to the guest databased could have been accessed as far back as 2014.
“For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences,” Marriott said in a statement released early Friday morning.
Marriott’s Data Encryption
Marriott said the intruders encrypted information from the hacked database so they can avoid detection by any data-loss prevention tools when removing the stolen information from the company’s network. Their efforts to decrypt the data set was not completed yet, but the hotel network believes that the encrypted data cache includes information on up to approximately 500 million guests who made a reservation at a Starwood property.
Customer payment card data was also protected by encryption technology, but Marriot can’t be sure if the attackers obtained the encryption keys necessary to decrypt the data.
As there is speculation as to when in 2014 did the Marriot data breach occur, Starwood disclosed its own breach in November 2015 involving more than 50 properties, just before being acquired by Marriott.
Back in 2015, Starwood said “the intrusion involved malicious software installed on cash registers at some of its resort restaurants, gift shops and other payment systems that were not part of its guest reservations or membership systems.”
Marriott said that their network appeared to be working fine and unaffected by this four-year data breach. So far the investigation only identified unauthorized access to the separate Starwood network.
Starwood hotel brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest (SPG) program.
Marriot is offering impacted guests in the United States, Canada, and the United Kingdom a free year’s worth of service from WebWatcher. This company assists in monitoring the cybercrime underground for signs that customer data is being traded or sold on the Dark Web.
Original Article Found Here.