30 November 2018
Marriott data breach. 500 million customers and many fields.
It has been reported that the Starwood division (W Hotels, Sheraton, Le Meridien and Four Points by Sheraton) of Marriott has uncovered a huge data breach.
Breach fatigue is becoming a real issue, along with the question of whether any personal data is still private.
We're going to need a step change in the effectiveness of security controls to stop these breaches from happening.
It is suggested that an attacker has been able to access their network since 2014 and had "copied and encrypted information" over that time.
The announcement says that the attack was stopped on 10th September 2018, after an alert from an internal security tool on 8th September. Clearly questions will be raised around why details are only being published now - 11 weeks later. The reason appears to be that the data was only unencrypted on 19th November - 11 days ago.
A large portion (over 300m records) of the data is thought to include:
We understand that Marriott is working with the police in several countries and the UK ICO.
Marriott has also set up a dedicated website and call center, email notification for affected guests and free WebWatcher alerts for guests for a year.
See the Marriott announcement here
See the best data protection, privacy and security news...
|181130 Marriott data breach - 500m customers|
|181126 ICO fines Uber £385k; Dutch fine them £532k|
|181029 Portugal fines hospital £400k|
|181026 DataGRC article for CILEX (lawyer regulator) - GDPR update|
|181025 BA security breach update 185k avios reward users|
|181025 Security Breach Cathay Pacific 9.5m Passengers|
|181024 ICO DPA'98 fines Facebook £500k|
|181022 High Court holds morrisons liable for data breach.|
|181009 ICO PECR fine Boost (findmeafuneralplan.com) £90k|
|181008 ICO DPA'98 fine HAL £120k|
|181002 ICO PECR unfine STS Commercial £60k|
|181001 ICO PECR fine Oaklands Assist £60k|
|181001 FCA fine Tesco Bank £16.4m|
|180928 ICO DPA'98 fine BUPA £175k|
|180928 ICO DPA'98 fine Equifax £500k|
|180907 British Airways data breach 380,000 customers|
|181030 DataGRC GDPR article for EyeForTravel - 3 tips for managing data breaches|
|180427 DataGRC article for CILEX (lawyer regulator) - GDPR overview|
|180322 DataGRC GDPR article for EyeForTravel - 10 practical recommendations|
Add a comment or a question...
Articles made publically available on this website are general information and should never be mistaken for formal or legal advice. If you are seeking formal advice for your specific requirements, please contact our advisory team using the form above.