Marriott reveals massive data breach affecting 500m Starwood guest records – Netwrix comments
November 2018 by Netwrix
Marriot International has today confirmed that the details of up to 500 million Starwood guests have been stolen in a data breach. Matt Middleton-Leal, Netwrix’s General Manager EMEA, has provided the following statement in response:
“Marriott has stated that it had encrypted the credit card information but that it’s possible that the hackers also took the information needed to decrypt it, which points to the encryption keys being stored on the same system. This is a very basic mistake, which appears to have had disastrous consequences for the hotel Group. Added to which, it seems that this breach may have dated as far back as 2014, which suggests that the organisation’s detection capabilities are lacking. It’s crucial that companies are able to monitor user behaviour, detect anomalies and terminate suspicious sessions in real-time.
“Organisations entrusted with a wealth of personal and financial data belonging to their customers – in Marriott’s case, this appears to include names, passport details, dates of birth and credit card information belonging to a staggering 500 million people – have a duty of care to protect this. They can and must do better to avoid basic security failings leaving their customers open to fraud.”