Industry Leaders And Cybersecurity Experts Insight On Marriott International Data Breach

The Marriott International hotel chain has fallen victim to its second major data breach in as many years, after information of 5.2 million guests was accessed using the login credentials of two employees at a franchise property.

Compromised information may involve contact details, including postal and email addresses and phone numbers; information relating to customer loyalty accounts, but not passwords; personal details such as employers, gender and birth dates; partnerships and affiliations, such as details of linked airline loyalty programs; and guest preferences, such as room preferences and languages.


EXPERTS COMMENTS
Tim Sadler, CEO, Tessian
April 03, 2020
Contact the hotel directly to verify whether the request is legitimate.
Marriott customers should now be alert to the fact that they could receive targeted phishing scams from hackers impersonating the hotel group, leveraging the information they have stolen to steal payment details or account passwords. If you receive a suspicious email that asks you to carry out an urgent action, do not comply with the request, click the link or download any attachments. Contact the ....
Becky Nicholson, Data Privacy Consultant, Bridewell Consulting
April 02, 2020
Technical defence is still paramount, and in particular, regular penetration testing is vital.
With the sheer volume of data breaches in recent time, we’re at risk of becoming numb to the danger these attacks pose. All organisations, including Marriott International, must take steps to protect their systems and ultimately customer data. This means taking basic steps such as putting in place regular security assessments, a strong patching and password policy, and enforcement of multi-facto ....
Chris DeRamus, VP of Technology Cloud Security Practice, Rapid7
April 02, 2020
As such, hospitality organizations are an attractive target for cybercriminals.
Hotels collect personally identifiable information (PII) and other highly sensitive data on their guests. As such, hospitality organizations are an attractive target for cybercriminals. This is Marriott’s second major breach reported in recent years, and this time, the breach appears to have occurred due to compromised employee credentials. While this breach didn’t affect nearly as many hotel ....
Andrew Hollister, Director, LogRhythm
April 02, 2020
This is a significant improvement in time to detect and respond to a data breach.
A global company like Marriott, which collects massive amounts of personal information about its guests, will always be an attractive target for bad actors. Whilst this is the second data breach Marriott has reported in the last two years, there are some positives to draw from the statement released today. In the previous incident in 2018, Marriott detected signs of unauthorized activity going ....
Rahul Kashyap, President and CEO, Awake Security
April 01, 2020
Marriott seems to have spotted outlier activity, but this is likely becoming more difficult as work habits shift due to the Covid-19 pandemic.
The Marriott breach is an example of how every attack these days is an insider attack in some way—whether the insider is acting maliciously themselves, or has had their credentials stolen. Most organizations lose the battle against insider attacks when it comes to the time it takes them to discover the threat since the actions often blend in with normal day-to-day activities. To Marriott’s cre ....
Ameesh Divatia, Co-Founder & CEO, Baffle
April 01, 2020
Repeated breaches at a single company show that data protection is not taken as seriously as it should be.
While it may come as no surprise that breaches continue to happen, the fact that the same organization is sustaining repeated breaches is strong evidence that the modern-day data access channel remains unprotected. Today’s threat model requires organizations to protect information in a data-centric manner, and by and large, many organizations are simply not protecting data in that manner. ....
Ameet Naik, Security Evangelist, PerimeterX
April 01, 2020
The data stolen from this breach will invariably make it to the dark web and further fuel this cycle of ATO attacks.
Account takeover (ATO) attacks are a major threat to any business. It is much simpler and lucrative to walk in through the front door with valid stolen credentials than to look for holes in an organization's cybersecurity defenses. With the vast volume of stolen credentials out there, hackers launch credential stuffing attacks using automated bots. Eventually they find a username and password that ....
Chris Morales, Head of Security Analytics, Vectra
April 01, 2020
Vectra research shows that privileged access from unknown hosts occurs inside every industry.
Vectra research shows that privileged access from unknown hosts occurs inside every industry, leading to unintended exposure of critical systems. Yet these privileged accounts rarely receive direct oversight or technical control of how they are used, even when privileged access management tools are in place. It is this lack of oversight or understanding of how privileged accounts are being used th ....
Charlie Wedin, Partner, Osborne Clarke
April 01, 2020
This will be unwelcome news for Marriott, particularly coming so quickly after the Information Commissioner's Office's announcement.
This will be unwelcome news for Marriott, particularly coming so quickly after the Information Commissioner's Office's announcement, in July 2019, of its intention to fine Marriott the record-breaking sum of £99 million under GDPR for a previous security incident. In light of this recent history, if this latest incident stems from weak security measures (whether technical or organisational), we c ....
Gerrit Lansing, Field CTO, STEALTHbits Technologies
April 01, 2020
Simply: the more I know about you, the better chance I have of fooling you.
The kinds of information disclosed in the latest Marriott breach might seem innocuous, but it is precisely this kind of intelligence that enables threat actors to better target attacks on consumers. Simply: the more I know about you, the better chance I have of fooling you. Compromised credentials remain one of the top vectors for this kind of compromise, and strong authentication before accessing ....
Sam Curry, Chief Security Officer, Cybereason
April 01, 2020
Marriott's disclosure today regarding a hack of their network started in January
We're in an unprecedented time in recent memory, and while Marriott's disclosure today regarding a hack of their network started in January, well before the world's attention shifted to COVID-19, this should be a stark reminder to every corporation that hackers don't sleep under any circumstances. In the old days we used to say that “loose lips sink ships,” but in this day and age “a loose c ....
Tim Mackey, Principal Security Strategist, Synopsys CyRC
April 01, 2020
Those credentials provided access to guest services within individual properties under the Marriott brand.
This data breach at Marriott International highlights the importance of performing a detailed threat model on business operations and then implementing appropriate monitoring controls to ensure that threat vectors can be quickly identified. In this case, the attack vector was via compromised employee credentials. Those credentials provided access to guest services within individual properties unde ....
Samantha Humphries, Security Strategist, Exabeam
April 01, 2020
This means gaining a clear understanding of the normal behaviours of everyone that accesses your network.
If there is something positive to say about this breach notification, it’s that Marriott’s security team seems to have minimised the attacker’s dwell time to a little over a month. While still significant, 5.2 million compromised guests is a drastic reduction from almost half a billion the last time this organisation identified an attack. Despite this improvement – if we can call it that ....
Rosemary O'Neill, Director - Customer Delivery, NuData Security
April 01, 2020
It is unfortunate that Marriott was hit again.
It is unfortunate that Marriott was hit again. In a time when travel companies are seeing their traffic go down, bad actors can still use the stolen information against other companies where those same customers transact. This news needs to remind merchants and other companies transacting online that their systems are never entirely safe from breaches, brute force attacks, account takeovers, and p ....
Ed Macnair, CEO, Censornet
April 01, 2020
While account takeover attacks can be devastating, there is a straightforward way to protect against them.
This attack leaves Marriott International red faced over a security breach once again. For everyone else, it is an important lesson in how a relatively simple attack technique - account takeover - can have wide ranging and extremely costly effects. In this case, costs to the tune of 5.2 million customers' data stolen. Account takeover is basically modern day identity theft - criminals hijack an e ....
Michael Magrath, Director, Global Regulations & Standards, OneSpan
April 01, 2020
In 2019 Marriott is expected to report about $3.8 billion (USD) in global turnover (revenues).
For Marriott International this breach probably couldn’t have come at a worse time as the near shutdown of the global travel and hospitality industries has adversely affected Marriott’s revenue projections. While Marriott felt the pain of a £99m GDPR fine for the Starwood breach, as a two-time offender with incidents relatively close apart, the regulators may come down hard on Marriott. If deemed a s ....
Alyn Hockey, VP of Product Management, Clearswift
April 01, 2020
Smart cyber security relies on people, process and technology. If any one of these is missing, then the organisation will be vulnerable.
Successful cyber security is not just a question of investing in the latest software, it’s about a combination of people, processes and technology. If an organisation is lacking any one of these three, then they will be vulnerable. The fact that this breach began in mid-January and was only discovered and halted by the end of February is really not good. It then took a further month to ....
Will LaSala, Director of Security Services, Security Evangelist, OneSpan
April 01, 2020
Instead, organizations should look to implement risk-based tools that adapt to the changes.
As a Marriott customer myself, it is very disheartening that they apparently did not learn from their first missteps. Security is easily overlooked and often misplaced trust leads to failures such as this. Large organizations can often find it difficult to implement a one-size fits all authentication and security plan. From my experience, a one-size fits all approach never works and seems to leave ....
Casey Ellis, CTO and Founder, Bugcrowd
April 01, 2020
The FBI’s investigation into the 2018 Marriott Breach concluded that the attackers were working on behalf of the Chinese Ministry of State Security.
Like the OPM, Anthem, Dulles and the 2018 Marriott breach, this breach is just another in a long string of attacks targeting US officials. Think about it, officials from the NSA, CIA, FBI, DoD stay at Marriott hotels, including possibly diplomats, business people or intelligence officials as they travel around the globe. The FBI’s investigation into the 2018 Marriott Breach concluded that the at ....
James McQuiggan, Security Awareness Advocate, KnowBe4
April 01, 2020
An outlier in activity this high should have definitely been cause for an immediate investigation by the security team.
Marriott has stated that the breach stemmed from two compromised employee accounts. This highlights the criticality of multifactor authentication; passwords simply aren’t enough. It took Marriott over a month to detect that the attackers had access to their systems and a further month to alert customers. During this time, the attackers could have leveraged their access to at least 5.2 million ....
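An added example, not from the article or from any of the vendors quoted in it, of the per-account outlier check McQuiggan's comment calls for: each account's daily guest-record reads are compared with that account's own earlier median, so a compromised front-desk login that suddenly pulls orders of magnitude more records than usual is flagged. The log format, account names, dates and counts below are constructed for illustration.

```python
# Added example: flag accounts whose daily guest-record reads are far above
# their own baseline. The log format, accounts and counts are constructed.
from collections import defaultdict
from statistics import median

# Constructed sample: one line per account per day, counting guest records read.
SAMPLE_LOG = """\
2020-01-06 account=frontdesk-a property=FR-1 guest_records=142
2020-01-07 account=frontdesk-a property=FR-1 guest_records=158
2020-01-08 account=frontdesk-a property=FR-1 guest_records=131
2020-01-09 account=frontdesk-a property=FR-1 guest_records=150
2020-01-14 account=frontdesk-a property=FR-1 guest_records=48900
2020-01-06 account=frontdesk-b property=FR-1 guest_records=97
2020-01-07 account=frontdesk-b property=FR-1 guest_records=112
2020-01-08 account=frontdesk-b property=FR-1 guest_records=105
2020-01-09 account=frontdesk-b property=FR-1 guest_records=99
2020-01-14 account=frontdesk-b property=FR-1 guest_records=103
"""

MIN_HISTORY = 3      # normal days needed before an account's day is judged
OUTLIER_FACTOR = 10  # flag a day whose count exceeds 10x the account's median


def parse_log(text):
    """Yield (date, account, count) from the constructed key=value lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        date, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        yield date, kv["account"], int(kv["guest_records"])


def find_outliers(text, min_history=MIN_HISTORY, factor=OUTLIER_FACTOR):
    """Return [(date, account, count, baseline)] for days far above the
    account's own median. Flagged days are kept out of the baseline so a
    compromise that persists for weeks keeps being reported, not absorbed."""
    history = defaultdict(list)
    hits = []
    for date, account, count in sorted(parse_log(text)):  # date order
        prior = history[account]
        if len(prior) >= min_history and count > factor * median(prior):
            hits.append((date, account, count, median(prior)))
            continue
        prior.append(count)
    return hits


if __name__ == "__main__":
    for date, account, count, baseline in find_outliers(SAMPLE_LOG):
        print(f"{date} {account}: {count} records vs baseline {baseline:g}")
```

In production the baseline would come from the identity provider's or application's access audit trail rather than a flat file, and the threshold would be tuned per role, but the comparison against the account's own history is the part that catches a valid credential being misused.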
Peter Goldstein, CTO and Co-founder, Valimail
April 01, 2020
If successful, this can lead to account takeover, identity theft and other scams that may affect an individual for years to come.
It would not be a surprise if the breached data of 5.2 million Marriott International hotel guests was used by cybercriminals to commit effective phishing attacks. For attackers, knowing customers’ contact details, birthdays, and loyalty program information means their social engineering attacks can be highly tailored and therefore all the more convincing, especially if leveraging brand imperson ....
Dr. Vinay Sridhara, CTO, Balbix
April 01, 2020
In this most recent case, compromised login credentials have given intruders insider’s access.
Marriott’s data breach in 2018 that compromised information of as many as 383 million guests and resulted in a $123 million fine, stood as one of the largest to occur by number of records exposed. Today, the multinational hospitality company has suffered yet another breach, showcasing how the company still lacks proactive security strategies that identify and address vulnerabilities that put the ....
Stuart Reed, VP, Nominet
April 01, 2020
The recent Marriott security incident potentially indicates that this lack of confidence is warranted.
News today that Marriott has been hit again by a security breach raises the question of what should be done after a company suffers an incident. Highlighting potential vulnerabilities but also showcasing the importance of investment, the steps taken after a breach are often crucial to alleviating reputational damage and securing the data of customers in the future. In our research, we have found t ....
Bob Rudis, Chief Data Scientist, Rapid7
April 01, 2020
Current disruptions in traditional work patterns also increase the likelihood of more frequent and clever attacks occurring every day.
If there is an insight to be gleaned from the recent, second breach at Marriott International, it is to remain vigilant for new attacks even if you've just experienced one. Successful phishing campaigns can happen to anyone and any organisation, and the use of stolen, legitimate credentials is still one of the most popular attack vectors for our adversaries. Current disruptions in traditional w ....
