Marriott Hack- 500m Data Records Exposed

Security experts alarmed by the scope of a data breach at the Marriott hotel empire worry that stolen information on specific hotel stays could be used for burglary, espionage or reputational attacks.

Hackers stole information on as many as 500 million guests of the Marriott hotel empire over four years, obtaining credit card and passport numbers and other personal data, including arrival and departure dates.

The crisis quickly emerged as one of the biggest data breaches on record. By comparison, last year’s Equifax hack affected more than 145 million people. A Target breach in 2013 affected more than 41 million payment card accounts and exposed contact information for more than 60 million customers.

Nearly 60 per cent of cyber-attacks target multiple components on an organisation's network, research from security firm Carbon Black states.

This supports the theory that breaches like Marriot Hotel Group hack, which involved criminals spending more than four years inside the company's system to steal 500 million customer data records over that time, may not be isolated attacks.
Tom Kellermann, chief cyber-security officer at Carbon Black said:

"It appears there had been unauthorised access to the Starwood network since 2014, demonstrating that attackers will get into an enterprise and attempt to remain undetected.

"A recent Carbon Black threat report found that nearly 60 per cent of attacks now involve lateral movement, which means attackers aren't just going after one component of an organisation - they're getting in, moving around and seeking more targets as they go."

Carbon Black's report also found that more than half of attackers now use their victim primarily for a practice known as "island hopping".

"In these campaigns, attackers first target an organisation's affiliates, often smaller companies with immature security postures and this can often be the case during a merger or acquisition," said Kellermann.

"This means that data at every point in the supply chain may be at risk, from customers, to partners and potential acquisitions."

Forrester analyst Enza Iannopollo has also called the Marriott breach an attack with "the potential to trigger the first hefty GDPR fine". "The ingredients are all here," said Iannopollo.

"The volume of personal data exfiltrated, more than 500 million customers, the sensitivity of the data, potentially including customers' passport details, name, address, and even encryption keys, and the length of the breach which started in 2014."

Computing:        Washington Post:

You Might Also Read:

Breaking Down Hotel Cybersecurity:

 

 

« AI Will Create Employment And Generate New Skills
Russian Hackers Are Using Brexit To Leverage Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Janusnet

Janusnet

Janusnet develops software and solutions for organisations to enforce and manage data security.

QMS International

QMS International

QMS is one of the leading ISO certification bodies in the UK and serves clients worldwide.

Computer & Communications Industry Association (CCIA)

Computer & Communications Industry Association (CCIA)

CCIA supports efforts to facilitate and streamline information sharing on cyber threats between the private sector and the Federal Government.

Malware Patrol

Malware Patrol

Malware Patrol provides intelligent threat data that protects against cyber attacks.

HudsonCyber

HudsonCyber

HudsonCyber, part of HudsonAnalytix, provides leading cyber risk management services for the global maritime transportation industry.

Secura

Secura

The Secura Cyber Security and Intelligence system predicts and prevents security threats by discovering hidden patterns through the meticulous analysis of large amounts of data.

Vesta

Vesta

Vesta Corporation is a global provider of a scalable suite of fraud and payment solutions for online commerce.

Cyber Security Advisor

Cyber Security Advisor

Notice how sophisticated the cybersecurity market is. Think how would you pick the security provider, assess your company, and be sure of your security decisions? Cyber Security Advisor is the answer!

Axio Global

Axio Global

Axio is a leading cyber risk management SaaS company. Our Axio360 platform gives companies visibility to their cyber risk, and enables them to prioritize investments to protect their business.

Phy-Cy.X Security Group

Phy-Cy.X Security Group

Phy-Cy.X specialize in the “Physics” of Information Security through both physical and cyber domains. We are not an IT company, we ARE an Information Security company.

PNGCERT

PNGCERT

PNGCERT is the national Computer Emergency Response Team (CERT) for Papua New Guinea.

E2E Technologies

E2E Technologies

E2E Technologies are a proactive, SLA-beating, managed service provider that busts the common stereotypes surrounding IT.

Riskonnect

Riskonnect

Riskonnect technology empowers organizations with the ability to anticipate, manage, and respond in real-time to strategic, operational, and digital risks across the extended enterprise.

Upstack

Upstack

UPSTACK - One partner, end-to-end expertise, helping develop the solutions you need – when you need them.

APCERT

APCERT

APCERT cooperates with CERTs and CSIRTs to ensure internet security in the Asia Pacific region, based around genuine information sharing, trust and cooperation.

Dispel

Dispel

Dispel makes the fastest secure remote access for industrial networks. Built by operators for operators: a zero trust engine for your entire OT, IoT, and xIoT stack.