
Yet Another Security Breach (YASB) - Marriott Data Breach Affecting 500 million Guests!


7 months ago · 3 min read

Hello Steemians! Security breaches are happening so often these days that I think I will be starting a new tag called "YASB" (Yet another security breach) to track all these posts that I will be posting 😂. Today's victim is Marriott International with 500 million guests affected. Now, let's dive deeper to understand what happened...

Marriott International Data Breach


How many customers were affected?

  • Up to approximately 500 million guests who made a reservation at a Starwood property

What information was breached?

  • Personal information such as names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest (“SPG”) account information, dates of birth, gender, arrival and departure information, reservation dates, and communication preferences.
  • For some individuals, encrypted payment card numbers and payment card expiration dates. Payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).

How did the hack happen?

  • There is no official statement on how the breach happened. Investigations are still ongoing.
  • However, there had been unauthorized access to the Starwood network since 2014 and this was only discovered and stopped on September 10, 2018.

What are the impacts on the company?

  • Share price tanked following the hack. Source
  • Reputational impact
  • Will possibly be fined by regulators and government
  • Lawsuits are being filed. Source

How do I know if I am affected? And what should I do if I am?

  • If you made a reservation on or before September 10, 2018 at a Starwood property, information you provided may have been involved.
  • Starwood brands include: W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest (SPG) program. Starwood branded timeshare properties are also included.
  • Marriott International published this site as a one-stop informational site on this incident.

My Thoughts

The hospitality and tourism industry is being targeted once more by hackers after the 2 recent airline breaches. The industry is not regulated, hence they usually have a weaker cybersecurity program as compared to the financial sector. However, the information stored (e.g. personal information and payment card information) is highly lucrative for hackers. This makes the hospitality and tourism industry a popular target.

What bothers me is how long they took to detect the breach, which started in 2014. It took the company 4 years to detect that there were unauthorized activities on their database, which is much worse than the average "dwell time" of 191 days.

Dwell time is the duration a threat actor has undetected access in a network until it's completely removed.

I am fortunately not involved in this data breach as the Starwood brands of hotels are too expensive for me. Haha.. But if you are one of those affected, please consider looking out for unusual activities on your Starwood membership and credit cards. Thanks for reading and let me know your thoughts on this incident as well!

