Marriott has disclosed a massive Starwood hotel data breach that may have impacted 500 million customers.
The breach and unauthorized access to Starwood’s reservation network apparently stretched from 2014 through November of 2018. For approximately 327 million customers, the stolen information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).
Experts say Marriott’s total tab for a data breach is going to cost billions of dollars over the next few years, based on the average cost of megabreaches. In addition, Marriott may face fines related to GDPR and other compliance regulations.
Marriott’s stock fell roughly five percent on the news of the breach, reinforcing the fact that security breaches and data theft have a direct impact on brand perception and business performance.
ACE IT Solutions regularly conducts cybersecurity risk assessments to help businesses identify security gaps, vulnerabilities or lack of proper security controls. Our cybersecurity risk assessment report can provide your firm with the knowledge of where risk exists and how to address it through remediation.