It seems not a week goes by these days without news breaking of another massive data breach affecting hundreds of millions of people. At the end of November 2018, Marriott, the global hotel chain, announced they had been hacked and the personal information of five hundred million preferred customers had been exposed to criminals. What’s worse, Marriott announced the original data breach occurred over four years ago, leaving people unknowingly at risk for identity theft during that time.
A Data Breach Goes Unnoticed For Years
The hack actually occurred on the reservation system used by Starwood Hotels back in 2014. Marriott purchased Starwood in 2016. Apparently, Marriott’s due diligence review of Starwood’s information security architecture failed to discover the breach at that time. The breach is particularly serious given that cyber criminals were able to view highly sensitive information such as passport numbers. This website is available with more details and continues to be updated.
Who Breached The System?
Several agencies have raised the possibility that the Marriott breach was the work of a Chinese intelligence agency. These reports point to the patient nature of the attackers and the fact that the breach took so long to discover. Intelligence agencies could gain key insights into the travel activities of high-ranking personnel in both the private and public sector around the world. This remains unconfirmed and the Chinese government denies it.
What All Businesses Can Take Away, Aside From Improving Cyber Security Practices
Regardless of the perpetrators responsible, the breach highlights a number of concerning areas for businesses in the modern world. For one, the increasing cost of these breaches should send shivers down the spine of any business storing the personal information of customers. Analysts have estimated the total price tag for Marriott to respond to the breach adequately might exceed one billion dollars. Fines alone might equal $400 million.
Taking On The Baggage During An Acquisition
It also highlights the increasing need for companies to ensure they are performing air-tight due diligence during mergers and acquisitions. Reviewing a company’s information security, its databases, and all relevant information is necessary to avoid a nasty surprise such as this. Sufficient due diligence in this area could have literally saved Marriott a billion dollars.
Rising Costs For All Industries, All Business Sizes
Ultimately, though, the increasing prevalence and costs of these breaches foreshadow even more aggressive legislation by governments around the world to try to force companies to keep up to date with their cybersecurity. The European Union enacted its General Data Protection Regulation, more commonly referred to as GDPR, recently. Senators in the United States are making noise about pushing a similar measure in the U.S.
These types of hacks and breaches are not going away. They will only increase in frequency and increase in cost. Companies need to be doing everything appropriate within their power to protect their systems. They can’t afford not to.