Marriott Data Breach – What Happened and Commentary

0

What Happened?

Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott quickly engaged leading security experts to help determine what occurred. Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014. Marriott recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it. On November 19, 2018, Marriott was able to decrypt the information and determined that it was from the Starwood guest reservation database.

Official Kroll Advisory – Visit https://answers.kroll.com/?gclid=Cj0KCQiA6JjgBRDbARIsANfu58FK0aGVpdVRDQSbGdSK_Erl0lMt0jOMyBMiCCCictHJvuPodpcpiawaAs-bEALw_wcB&gclsrc=aw.ds

Marriott Date Breach: Sophos & ISACA Commentary

John Shier, senior security advisor, Sophos writes: The potential fallout from the Marriott’s Starwood data breach should be alarming to anyone who has stayed at a Starwood property in the last 4 years. Not only are guests at risk for opportunistic phishing attacks, but targeted phishing emails are almost certain, as well as phone scams and potential financial fraud. Unlike previous breaches, this attack also included passport numbers for some individuals who are now at increased risk for identity theft. At this point, however, it’s unclear what level of exposure each individual victim has been subject to. Until then, all potential victims should assume the worst and take all necessary precautions to protect themselves from all manner of scams. Sophos recommends these tips:

  • Be on alert for spearphishing: Marriott has said that personal details associated with the Starwood Preferred Guests accounts have been compromised, and personal email addresses are vulnerable. This creates the perfect scenario for cybercriminals to actually spearphish consumers because they have this type of detailed information
  • Be on alert for opportunistic phishing: Marriott has said it will email Starwood Preferred Guests those who may be impacted. Do not click on links in emails or other communication that seem to have come from Marriott or Starwood hotels. It’s possible that criminals will try to take advantage of this by sending malicious tweets or phishing emails that look like they’ve come from the company. Hover over URLs and links to see the address before you click. Look at the email address to see where it is from
  • Monitor your financial accounts:  Reports indicate the attackers may have access to some members’ encrypted credit card information, but it’s not clear as of yet if this information can be decrypted; in general, monitor your credit card for suspicious activity. As a safety precaution, change the password to your online credit card account. If you use the same password for similar financial management websites, immediately change the password on those websites. As a best security practice, always choose a different, strong password for each sensitive account
  • Change passwords, as a precaution: It’s not clear as of yet if the attackers have access to Starwood Preferred Guest account passwords, but as a safety precaution, consumers can change their password. If this password is also used for any financial accounts, change those immediately. Monitor your Starwood Preferred Guest account for suspicious activity
  • Don’t Google “Web Watcher”: Marriott is offering victims in the USA, UK and Canada a free, one year subscription to something it calls WebWatcher, which it describes as a service that monitors “internet sites where personal information is shared.” Don’t Google it. If you Google “WebWatcher” you won’t find the monitoring service, you’ll find lots of links to spyware of the same name. Don’t sign up for that.  Do follow the links to country-specific versions of the official breach site. You cannot sign up for monitoring from the main breach page, you have to go to the all-but-identical versions of the page for the USUK or Canada
  • For additional tips and information, please reference  the Sophos’ Naked Security article:  Huge Marriott breach puts 500 million victims at risk.”

For Raef Meeuwisse, CISM, CISA, ISACA expert speaker, and author of “Cybersecurity for Beginners”, the real question is this: could the intrusion have been detected earlier?

Although the specific mechanics of this breach have not yet been revealed, it is possible to look back at similar megabreaches. What they reveal is that stealing hundreds of millions of customer details is not a minor data leak. There will have been signs (or as cybersecurity professionals like to call them; “indicators of compromise”). There would also have been defensive processes and technologies that could have been in place.

Many companies are still underestimating the budget and resources they need to operate cybersecurity effectively. In my opinion, such organizations also underestimate the brand and share value damage that cyberattacks can create, especially when they are not dealt with swiftly and transparently.

Share.