Marriott Data Breach
A data breach of Marriot's guest reservation system has left up to 500 million guests' data exposed and available for the taking. What is worse is that hackers may have had access to the systems for at least four years before being discovered. The hotel company released a statement on its website that hackers gained access to the Starwood reservation database. Starwood, which includes hotels like St. Regis and Sheraton, was bought by Marriott in 2016. The hackers had access to Starwoods' network as far back as 2014. Marriott said it discovered the breach on Sept. 8. The company released a statement that "The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property, Among the data that was stolen inculde names, mailing addresses, phone numbers, email addresses, date of birth, genger, and passport numbers for up to 327 million guests.
According to Robert W. Baird & Co. analyst Michael Bellisario, Marriot's biggest asset is the customers in the loyalty program and whether this has been impacted. Modern hotel companies don't own much real estate. They act as agents, connecting hotel guests to property owners through online reservation systems. Loyalty programs are especially important because members are repeat customers who book directly over the company's website, and owners don't have to pay commissions to online travel agencies.
According to Brian Krebs of KrebsonSecurity, Hotels are especially vulnerable to security breaches, because many still swipe credit cards at check in rather than using chip readers. Last year, both Hyatt Hotels Corp. the Trump hotels collection and at InterContinental Hotels Group.
Accordin to Marriot, credit card numbers and expirations dates were encrypted using AES-128 encryption. There are two parts needed to decrypt the credit card numbers and and Marriot hasn't been able to ascertain whether the decrpytion components have been compromised as well. The hotel chain has been emailing guests who were affected but there have been reports of phishing scams. What security researchers recommend is that if you receive an email, to call one of the numbers listed here.
If you are worried that your information has been breached, you should contact each of the credit bureaus and put a credit freeze on your accounts. Credit freezes will stop anyone from opening up a new line of credit using your name until you lift the freeze. You should also change your passwords and add two-factor authentication.