What You Can Learn from the Starwood-Marriott Breach
Last month a massive worldwide data breach was revealed – Starwood-Marriott hotels exposed half a billion data-rich records in one of the largest incidents ever, in any industry.
While this may be the largest hospitality breach, it is certainly not the first. Let’s review the past several years:
- March 2015: Mandarin Oriental Hotel Group confirms its hotel database has been breached.
- October 2015: The Trump Hotel Collection admitted to a year-long credit card system breach – one that had been suspected and reported on by outside security experts, but that the company took several months to acknowledge.
- November 2015: In what was perhaps an episode of foreshadowing, Starwood announced the discovery of credit-card stealing malware on point-of-sale cash registers in a number of its North American properties.
- December 2015: Hyatt acknowledges that since August cyber thieves had been stealing credit card information from 250 properties in approximately 50 countries.
- April 2016: Trump Hotels discloses another credit card system breach.
- July 2016: Kimpton Hotels begins an investigation into a possible system breach; two months later Kimpton acknowledges that data was stolen in the first six months of the year.
- February 2017: InterContinental confirms a breach at 12 properties; two months later, it discloses that more than 1,000 properties may have been compromised through malware on POS machines on site.
- July 2017: A third Trump Hotels breach is announced, this one tied to a significant payment and customer breach at the massive travel industry data services provider Sabre Corp.
- October 2017: Hyatt announces a second breach in less than two years, this time at more than 40 properties across 11 countries.
And now, the Starwood-Marriott breach – precipitated by the challenging merger of the two already-giant hotel chains after Marriott purchased Starwood for more than US$13bn. Just days after the merger was announced, Starwood disclosed a security breach that had been going on since 2014. This was different from its 2015 breach, which involved credit-card-stealing malware on POS systems; this 4+ year breach allowed unauthorized access to its reservation system.
What can you, as a consumer or business owner, learn from this? First, cyber breaches are often not readily apparent – your data may have been stolen years ago. Second, cyber breaches do not always involve systems you would consider a threat. Your hotel loyalty program, for example, may not be of high concern, but when it is tied in to reservation systems that also manage credit card data, the danger is much more apparent.
Keep a close watch on all of your credit card data – for yourself and any employees who might carry your corporate card. Make sure passwords, especially for any program that might include or expose credit card data (this would include virtually any retail or hospitality loyalty program), are changed frequently.
And get protection on your personal devices and company systems. Blutone Technologies’ My Personal Helpdesk system is a flexible concierge service that watches your devices 24/7, giving you peace of mind and a much quicker notification than you will ever get from a large corporation whose breach may not be discovered for months or years. Get in touch for more information.