Marriott reveals data breach of 500 million Starwood guests

[pat98]

source here

and here

...
For 327 million people, Marriott says the guests' exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions others, their credit card numbers and card expiration dates were potentially compromised.

Marriott warns that it can't confirm if the hackers were able to decrypt the credit card numbers
...

Another huge data security breach!
Wondering what will be the impact?
:noidea:
People staying at some Starwood's hotel when they weren't supposed to be? and obviously much more "side" effects...

 

[EagerBeaver]

I read about this and it's really unbelievable. I don't know how much money they are putting into internet security but my guess is not enough. Hotels will have to learn the hard way. All businesses are susceptible to breaches and have to invest in security.

 

[jalimon]

I would have never guess Marriott had 500 millions customer! I would suspect that is their entire database that got hacked. I am part of it for sure stayed at their hotel so many times.

What we do not know is where did the hack come from. Was is a third party breach... As it happens so often. Big company outsource part of their IT service to week 3rd party... Happens often.

 

[pat98]

@EB: trust me it needs a lot of money indeed to protect sensitive data!
BUT more specifically, it is more about having IT people all security trained in every aspect of their job...
That is the hardest part!
Specifically with a "old" company (as in more than 20y existence)

______________________________________________________________________________
NEXT news about this hack...
source:
https://nationalpost.com/news/world/china-is-lead-suspect-in-marriott-hack-that-exposed-500-million-guests-personal-data-report
https://ca.reuters.com/article/topNews/idCAKBN1O504D-OCATP


A massive hack into hotel group Marriott International may have been an intelligence-gathering operation by China’s government, Reuters cited unidentified sources as saying.

Private investigators found hacking tools, techniques and procedures that featured in past attacks attributed to Chinese hackers, according to the report. But other parties have access to the same tools, meaning China can only be described as lead suspect, Reuters’ sources said.

“Our primary objectives in this investigation are figuring out what occurred and how we can best help our guests,” a Marriott spokesperson told Bloomberg News by email. “We have no information about the cause of this incident and we have not speculated about the identity of the attacker.”

Marriott is tallying the cost of one of the biggest corporate hacks in history, which exposed the personal data of some 500 million guests through a breach of its Starwood Hotels and Resorts reservation system from 2014. A Chinese connection might be less significant for the company than for the U.S. government, which is clashing with the rising super-power over technology and trade.

Identifying the culprit is even harder because investigators suspect multiple hacking groups may have simultaneously been inside Marriott computer networks since 2014, Reuters quoted one of the sources as saying.

The incident will seem less of a failure on Marriott’s part if the Chinese government turns out to be the perpetrator, James Lewis, director of the technology policy program at the Center for Strategic and International Studies, told Bloomberg News. “No corporation can take on a government and expect to win,” he said.

China foreign ministry spokesman Geng Shuang, speaking at a regular press briefing Thursday, said that while he wasn’t aware of the specific case, “I believe China firmly opposes and cracks down on all forms of hacking. We firmly oppose any groundless accusations on the issue of cyber security.”

The hotel group disclosed the attack last week.

 

[Thor Jr]

I recently received an email from the starwood organization describing in detail what they were going to do and what i should do on my end. I am not too worried about it for now. But it was a lengthy email. And like any important email, it began with "Dear Valued Guest", how nice. lol

 

[jalimon]

me too i received the email. 7 days later.. my cc card has change since and no beautiful other men’s princess was in the room with me... unfortunately

cheers,