On Tuesday, March 31, hospitality company Marriott International disclosed that it had suffered a massive data breach. The number of consumers affected is currently tallied at 5.2 million. Marriott revealed that someone used the log-in credentials of two employees to gain access to guest data. The company estimates that the cyberattack took place between mid-January and February of this year, when it discovered the activity.

Hackers infiltrated an application Marriott uses to provide hotel guest services. While no payment card information or passwords appear to have been compromised, the hackers made off with the following guest data:

  • Contact details, including names, email addresses and phone numbers
  • Marriott Bonvoy loyalty account details (no passwords)
  • Birthdates
  • Company affiliations
  • Mailing addresses
  • Partnership and Affiliate program information, e.g., point balances and airline program numbers
  • Guest preferences, e.g. room specifications and stay durations

The exact details compromised vary from person to person. Marriott also states that, as far as it can determine at this time, the hackers were not able to compromise Marriott Bonvoy PINs, passport information, national IDs, or driver’s license numbers.

How Marriott Reacted to the Incident

Marriott responded quickly to the data breach and disabled the two employees’ login accounts. It immediately started an investigation and implemented increased cybersecurity monitoring. Marriott also enlisted resources to inform and support guests. Marriott notified the relevant authorities and is supporting them as they conduct their investigations.

Support for Marriott Guests Impacted by the Data Breach

To support impacted consumers, Marriott has set up an incident support page, which links to a self-service portal where guests can find out whether they were affected. Marriott is also providing, at no expense to customers, personal information monitoring for a period of one year. The service, known as IdentityWorks, is provided by Experian. The company is also disabling existing Marriott Bonvoy passwords and prompting customers to set a new one and activate multi-factor authentication.

Hack Represents the Second Data Breach for Marriott In Three Years

This is the second data breach for the company in three years. In November 2018, Marriott revealed that its Starwood division – a group of hotel brands it acquired in 2016, including W Hotels, Sheraton and Westin – had suffered a data breach. Hackers gained unauthorized access to a guest reservation database. Marriott disclosed that the hackers had been accessing the Starwood network since as early as 2014.

The malicious actors tapped into reservation information for guest stays at Starwood properties on or prior to September 10, 2018. A security tool alerted Marriott to an attempt to access the Starwood database. Further investigation revealed that an unauthorized party had copied and encrypted the data and attempted to exfiltrate it. Of the 500 million guests impacted, 327 million had their names, mailing addresses, phone numbers, email addresses, passport numbers and Starwood Preferred Guest account information exposed. In addition, cybercriminals gained access to their dates of birth, gender, arrival and departure information, reservation dates and communication preferences. Still others had their credit card numbers and expiration dates compromised, although that data was encrypted.

How Threat Modeling Can Enable the Hospitality Industry to Secure Their Attack Surface

Hotels have an even harder time managing their attack surface because of the addition of IoT devices and many interconnected POS systems, which give the hotel and hospitality industry many more attack vectors to contend with. One path that Marriott – and other hospitality companies – can take is to focus on threat modeling their attack surface.

An organization’s attack surface consists of the attack paths an unauthorized user can take to infiltrate a system and compromise data. With ThreatModeler, an organization can review each of the entry points that lead to attack paths ending where private, sensitive and confidential data is stored. This review provides an understanding of the different attack paths a hacker can take to compromise data, equipping the organization with the knowledge to make educated decisions on cyberattack prevention. By clearly understanding these attack paths, organizations can identify which security controls are needed and where to place them. With a better sense of their overall security posture, organizations take a proactive rather than reactive approach to cybersecurity.
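To make the entry-point-to-data-store idea concrete, here is an added example (not ThreatModeler's code and not Marriott's real architecture) that models a constructed hotel environment as a graph, enumerates every attack path from an entry point to a sensitive data store, and scores which missing control would close the most paths. The component names, the controls (mfa, app_authz, waf, p2pe, network_segmentation) and the edges are all assumptions chosen to mirror the credential-based entry described above.

```python
from collections import defaultdict

# Constructed data-flow model (assumption, not a real hotel architecture).
# Each edge is (source, target, control): traversal is blocked when the named
# control is in place; None means nothing on that hop stops an attacker.
EDGES = [
    ("internet", "employee_login", "mfa"),                       # stolen staff credentials
    ("employee_login", "guest_services_app", None),
    ("guest_services_app", "guest_profile_db", "app_authz"),     # per-record authorization
    ("internet", "booking_site", "waf"),
    ("booking_site", "reservation_db", "app_authz"),
    ("reservation_db", "guest_profile_db", None),
    ("pos_terminal", "payment_gateway", "p2pe"),                 # point-to-point encryption
    ("iot_room_controller", "property_lan", "network_segmentation"),
    ("property_lan", "guest_services_app", None),
]
ENTRY_POINTS = {"internet", "pos_terminal", "iot_room_controller"}
SENSITIVE = {"guest_profile_db", "payment_gateway"}


def attack_paths(edges, entry_points, targets, controls_in_place=frozenset()):
    """Return every simple path from an entry point to a sensitive store
    that is still open given the controls currently deployed."""
    graph = defaultdict(list)
    for src, dst, control in edges:
        if control is None or control not in controls_in_place:
            graph[src].append(dst)
    paths = []

    def walk(node, path):
        if node in targets:
            paths.append(tuple(path))
            return
        for nxt in graph[node]:
            if nxt not in path:          # avoid cycles in the data-flow graph
                walk(nxt, path + [nxt])

    for entry in sorted(entry_points):
        walk(entry, [entry])
    return paths


def missing_control_impact(edges, entry_points, targets, controls_in_place=frozenset()):
    """For each control not yet deployed, count how many open paths it would close.
    The highest count is the control that reduces the attack surface most."""
    baseline = len(attack_paths(edges, entry_points, targets, controls_in_place))
    candidates = {c for _, _, c in edges if c and c not in controls_in_place}
    return {c: baseline - len(attack_paths(edges, entry_points, targets, controls_in_place | {c}))
            for c in sorted(candidates)}
```

Running `missing_control_impact(EDGES, ENTRY_POINTS, SENSITIVE)` on this model shows that a single authorization control at the guest data store closes more paths than MFA on the staff login alone, which is exactly the kind of placement decision the review above is meant to support.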

ThreatModeler Automates Threat Modeling

ThreatModeler is the leading automated platform that takes the guesswork out of threat model diagram creation, providing a rapid analysis of IT architecture with actionable outputs for securing it. ThreatModeler’s Threat Intelligence library draws security guidance, best practices and requirements from leading, authoritative resources such as OWASP, AWS and more. As you build out your threat model, the platform automatically analyzes the components against the library to update you on the threats and the security requirements needed to secure your IT ecosystem.

To learn more about how ThreatModeler™ can help your organization build a scalable threat modeling process, book a demo to speak to a ThreatModeler expert today.