Monday, 3 December 2018

Is your credit card data at risk after hotel group's mega failure?

Have you stayed with W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Méridien or Four Points?

If so you'd better change your pin number and your mother's maiden name.



Just joking. There is probably nothing you can do about possible identity theft after hackers stole information on as many as 500 million guests of the Marriott hotel empire over four years, obtaining credit card and passport numbers and other personal data.

The scandal is one of the largest security breaches in history.

The affected hotel brands were operated by Starwood before it was acquired by Marriott in 2016. None of the Marriott-branded chains were threatened.

“On a scale of 1 to 10 and up, this is one of those No.10 size breaches - there have only been a few of them of this scale and scope in the last decade,” Chris Wysopal, chief technology officer of Veracode, a security company, told the Associated Press wire service.

Security analysts were especially alarmed to learn that the breach began in 2014. While such failures often span months, four years is extreme, said Yonatan Striem-Amit, chief technology officer of Cybereason.

It is still unclear how much hackers could do with the credit card and passport information.

For as many as two-thirds of those affected, the exposed data could include mailing addresses, phone numbers, email addresses and passport numbers. Also included might be dates of birth, gender, reservation dates, arrival and departure times and Starwood Preferred Guest account information.

“We fell short of what our guests deserve and what we expect of ourselves,” CEO Arne Sorenson said in a pretty lame statement.

“We are doing everything we can to support our guests and using lessons learned to be better moving forward.”

Marriott set up a website and call center for customers who believe their info is at risk. Of course, they should be taking responsibility for immediately contacting everyone affected, but that is not the way big business works.

When the merger was first announced in 2015, Starwood had 21 million people in its loyalty program. The company manages more than 6,700 properties across the globe, most in North America.

There have been calls for laws that limit the data companies can collect on customers and ensure that companies account for security costs. This being the US, however, nothing has happened.

No comments:

Post a Comment