According to security experts, from the FBI to Forbes, the Marriott Hotel’s data breach is the second largest data breach in technology history, eclipsed only by Yahoo’s 2013 blunder. The event was a result of a merger between Starwood Hotels and Marriott in 2016. The reservation system used by Starwood was poorly secured, and hackers managed to maintain access for four years until it was identified, and yet it wasn’t actioned. Furthermore, since news of the breach became public, the IT team at Marriott was subsequently hit by a cyber attack in June 2017 – all of which points towards a problematic cyber security regime within Marriott Hotels.
However, according to the MIT Technology Review and the New York Times, state-sponsored actors are behind the Marriott cyber-attack:
“The US suspects the hackers work on behalf of China’s Ministry of State Security, and that they’re part of a massive data-mining exercise designed to identify American spies and Chinese citizens who work for them. Data from US security-clearance forms would be especially useful for this task, as would information about travel patterns. The Marriott group is the biggest hotel provider for US government and military personnel.”
The loss of 500 million guests’ data is a significant event. The state-sponsored dynamics of the scandal make it a digital security catastrophe. However, data leadership shouldn’t think about such scandals as something that only happens to big fish. This could, and can, happen to even the smallest of micro businesses. Norton offers SMEs useful advice to help provide good cyber-hygiene within their organisations – the resources include patch update news, rights for software/hardware products and other tools to help keep your IT estate safe.