Here’s what you need to know about the Marriott 2020 Breach.
Marriott, the well-known hotel chain, announced yesterday that unknown actors gained unauthorized access to an internal data system. The hackers gained access to the personally identifying information of 5.2 million guests; the information compromised includes names, addresses, email addresses, phone numbers, loyalty account information, and employer information. The hackers also gained access to information such as gender, birthdates, and any linked loyalty programs (e.g., airline programs). At this time, Marriott does not believe that the hackers accessed customers’ financial information, passports, driver’s licenses, or passwords.
According to a notification on the Marriott website, the Marriott 2020 Breach was discovered at the end of February and started sometime in mid-January. Additionally, the hack appeared to affect the Marriott loyalty app, Bonvoy.
The Marriott 2020 Breach Isn’t the First Time
If this report sounds somewhat familiar, it is because Marriott suffered a similar data breach previously. In November 2018, a breach of the databases of its recently acquired Starwood Hotels compromised over 300 million guests’ information. This makes the 2020 breach the second Marriott has suffered in 16 months.
While this breach may not seem as damaging as the 2018 one, it still may not bode well for Marriott. According to Ping Identity, 81 percent of consumers would stop engaging with a brand online after a data breach. 63 percent of consumers believe companies are responsible for protecting their data; this applies even when the users themselves fall victim to a phishing scam or similar attack. Therefore, Marriott may need to do some damage control to rebuild its reputation with customers concerned for their data security.
Experts Comment on the Marriott 2020 Breach
Anurag Kahol is the CTO of Bitglass.
“Bad actors can use the breached information to carry out highly tailored phishing attacks on impacted hotel guests or sell the data for a quick profit on the dark web. However, this security incident does not only affect Marriott’s guests but their employees as well, as cybercriminals accessed the data by using two employee login credentials. Although the hotel giant confirmed that the logins were disabled, other accounts for those users could still be in jeopardy. While it’s ill-advised, people commonly reuse passwords across multiple accounts. This means attackers can potentially gain access to a number of accounts across multiple services that their victim uses.”
“Hospitality organizations and other enterprises that store massive amounts of highly sensitive information on consumers must simultaneously defend their data against leakage as well as authenticate their users in order to avoid breaches. Security technologies like data loss prevention (DLP), multifactor authentication (MFA), user and entity behavior analytics (UEBA), and encryption of data at rest can help ensure that customer and enterprise data is truly safe. These are considered standard best-practice solutions that all organizations should employ.”
Peter Goldstein is the CTO and co-founder of Valimail.
“It would not be a surprise if the breached data of 5.2 million Marriott International hotel guests was used by cybercriminals to commit effective phishing attacks. For attackers, knowing customers’ contact details, birthdays, and loyalty program information means their social engineering attacks can be highly tailored and therefore all the more convincing, especially if leveraging brand impersonation tactics.”
“Phishing campaigns often follow soon after breaches like this, targeting the victims with fake security warnings that look like they came from the breached company. In fact, 83 percent of phishing emails overall are brand or company impersonations. If successful, this can lead to account takeover, identity theft and other scams. As phish become increasingly hard to identify, email security solutions based on validating sender identity are a powerful defense that can help thwart these attacks at their source.”
Andrew Hollister is the Director of LogRhythm Labs.
“A global company like Marriott, which collects massive amounts of personal information about its guests, will always be an attractive target for bad actors. Whilst this is the second data breach Marriott has reported in the last two years, there are some positives to draw from the statement released today.”
“In the previous incident in 2018, Marriott detected signs of unauthorized activity going back four years. In this new case, the activity appears to have begun in January 2020 and been detected during the course of February 2020. This is a significant improvement in time to detect and respond to a data breach. Whilst a significant number of records have been breached, the reduced time to detect has no doubt contributed to the number being substantially lower than on the previous occasion.”
“This latest data breach just goes to show that continuing vigilance is required to keep reducing the time to detect and respond to threats. Real reductions in impact can be made with a focus on this issue which affects every company on the globe.”
Dr. Vinay Sridhara is the CTO of Balbix.
“Marriott’s data breach in 2018, which compromised the information of as many as 383 million guests and resulted in a $123 million fine, stood as one of the largest to occur by number of records exposed. Today, the multinational hospitality company has suffered yet another breach, showcasing how the company still lacks proactive security strategies that identify and address vulnerabilities that put them at risk prior to millions of guests’ personal information being compromised.”
“In this most recent case, compromised login credentials have given intruders insider access. Although monitoring and analysis within the enterprise can identify suspicious activity, these credentials effectively bypass perimeter security and complicate detection. What’s more, if these login credentials have been reused across services, all Marriott applications that share credentials are now vulnerable.”
“Enterprises must proactively get ahead of the threat of compromised credentials by implementing effective password policies that ensure suitable password strength and do not allow password sharing. Additionally, by using two-factor authentication via a trusted second factor, companies can significantly reduce the number of breaches that occur due to compromised credentials.”
Thanks to the cybersecurity experts for their time and expertise. Learn more about necessary cybersecurity protections in our SIEM Buyer’s Guide.