Mariott’s Starwood 500 million data exposed in data breach

Marriott

Have you not upgraded your website to HTTPS yet? Upgrade NOW.

Google with its Chrome 68 update to show all HTTP websites as NOT SECURE. Avoid Google's penalty by installing an SSL Certificate. Get a DigiCert Standard SSL and secure your website at just $157/year. BUY NOW

ADVERTISEMENT
DAILY BRIEF
Get daily updates straight in your inbox.

The recent measures were taken by Mariott to investigate and speculate the data security incident which involved the Starwood guest reservation database.

On Nov 19, it was recorded that there was an unauthorized access to the database which had the personal information of the guests regarding the reservations at the Starwood properties on or before September 10.

Marriott also received an alert from the internal security tool that there had been an attempt to access the database of the reservations of the guests in the US. The investigation started and there had been experts to determine the functioning.  The company discovered that an authorized party had copied and encrypted the information and further removed it. On Nov 19, Mariott was able to decrypt the information and mentioned that the contents belonged from the Starwood guest reservation database.

However, the duplicate information had not been identified completely but it contained the information of around  500 million guests who made the reservation. For 327 million of these contained the personal information regarding the names, mailing address, contact details, e-mail address, passport numbers, Starwood Preferred Guest(“SPG”), account information, date of birth, reservation date, arrival-departure information, communication preferences. The information also includes Payment card expiration dates. However, the payment card numbers were encrypted using the Advanced Encryption Standard encryption. There were two components required to decrypt the payment card numbers and Mariott had not been able to rule out of the possibility that both were taken. For other guests, it was limited to the name and other data like the mailing address, email address etc.

Mariott reported to the law enforcement and continued to support the investigation.

The Chief Executive officer and Mariott’s President was deeply sorry about this incident and were saddened by the fact that they couldn’t provide the best services for their guests. However, they are learning from their lessons and trying to support the guests by hoping for a better future.

Mr. Sorenson continued that Marriott is reaffirming the commitment to the guests around the world and ensuring that the guests have answers to question about the personal information with the dedicated website and the call center. They will continue to support the laws of enforcement and work with the security experts to improve their management. They are also devoting the resources to phase out the Starwood systems and are accelerating to the ongoing security enhancements to the network.

In light of recent events, Marriot has taken elaborate steps to monitor and protect the privacy of its guests.

A dedicated website and a 24/7 Call Centre servicing in multiple languages, where you can inquire about this incident. The FAQ section of the website is updated from time to time.

An Email notification service has also been started which will be utilized to send emails on a rolling basis starting 30th November 2018 to affected guests whose emails are in the Starwood reservation database.

Along with that, some extra measures have been taken for more advanced protection, notably a Free WebWatcher Enrollment service for a year. WebWatcher monitors internet sites where personal information is shared and generates an alert to the customer if evidence of the consumer’s data is found. However, this won’t be available in all Countries. US customers will additionally be provided fraud consultation services and reimbursement coverage for free.

Via: CNBC

Mariott's Starwood 500 million data exposed in data breach