Stolen of data
FACT NEWS #23
Marriott hotels hacked, credit card details and data of 500 million guests stolen: All you need to know
Hackers have stolen data of nearly 500 million guests who stayed at Marriott group hotels. This data includes in some cases credit card details, addresses and passport scans that people submitted to Marriott.
If you have ever stayed a Marriott hotel or a hotel that the group operates, chances are that some of your data have been stolen by hackers. According to the hotel group, its servers and database were breached, probably multiple times, before September 10 this year. In the breach data of nearly 500 million guests have been stolen, and this data in many cases includes credit card information, passport scans, addresses, phone numbers and email IDs.
On November 30, the Marriott announced that their entire chain of hotels was affected by the massive cybersecurity breach. The attack had been taking place since 2014 on Marriott's Starwood reservation system and has affected nearly 500 million guests. The group was unaware of the ongoing attack for the last four years. It found the data breach only in September this year when one of the security measures in its server alerted IT staff of an unauthorised access to the database. The hotel group has acknowledged the mistakes on its part and is trying multiple ways to ensure the stolen data isn't misused anywhere.
As of now, according to a research by the cybersecurity firm Recorded Future, the stolen data from Starwood's servers have not been spotted anywhere on the dark web - a place where hackers and cybercriminals sell data illegally in lieu of monetary benefits. Therefore, this suggests the hackers were not looking to sell the data to anyone.
That said, a lot of the data that has been stolen does pose a potential threat to the victims, including the risk of financial fraud or identity theft. Marriott confirmed the specific type of data that was lifted off from their servers - names, address, phone numbers, emails, account information, passport information, date of birth, gender and encrypted credit card details. Marriott also hinted that there could be a chance that the hackers also captured keys to the credit card details, which means attackers carry out transactions without notifying the victims.
The Marriott group of hotels includes a number of some of the most coveted hotels in the world of hospitality. The hotels that were using Starwood's reservation system include Sheraton, Westin, W Hotels, St. Regis, Four Points, Aloft, Le Méridien, Tribute, Design Hotels, Elements and the Luxury Collection. However, the Residence Inn and the Ritz-Carlton from the chain are exempt from the attack as these operate on a separate reservation system.
What should the victims do?
If you have been a guest to the affected hotels under the Marriott group between the period of September 2014 to September 2018, first know this that Marriott claims that it is trying all the possible ways to secure your data. The group has confirmed that the people whose data has been stolen will be contacted by the hotel group, informing them of the breach and tips that can be used to keep the data secure.
Guests can head over to a dedicated website that Marriott has set on this matter or call up the group's customer care support. Additionally, Marriott is also offering a year's subscription of Web Watcher to all the guests belonging from Canada, the US and the UK. The Web Watcher service will keep an eye on the internet and alert the subscriber if it detects that the stolen information is being sold somewhere on the Internet by the hackers.
The group, however, is not giving this service to its guests in India who may have also lost their private details in this breach.
What happens next for Marriott?
While Marriott has informed law enforcement authorities in the Us about the breach and they are working to catch hold of people who hacked the Marriott servers, there is also a good chance that the hotel group may face investigation from multiple governments or regulatory bodies in the world.
In 2018, privacy is a far more touchy topic and in the wake of Cambridge Analytica scandal, that saw data of millions of Facebook users leaking to third parties, regulators across the world are clamouring for tougher penalties in case of the data breach.
Marriott has already been sued, hours after it revealed the details of the data breach. According to news reports a class action lawsuit has been filed against the Hotel group in the US, with lawyers seeking a trial by jury against Marriott for "negligence, breach of confidence, and deceptive and unfair trade practices".
Meanwhile, US Senator Ron Wyden has argued that companies that lose data of their users should see their employees going to jail. "Until companies like Marriott feel the threat of multi-billion dollar fines and jail-time for their senior executives, these companies won't take privacy seriously," he reportedly said.
If you have ever stayed a Marriott hotel or a hotel that the group operates, chances are that some of your data have been stolen by hackers. According to the hotel group, its servers and database were breached, probably multiple times, before September 10 this year. In the breach data of nearly 500 million guests have been stolen, and this data in many cases includes credit card information, passport scans, addresses, phone numbers and email IDs.
Comments
Post a Comment