Marriot's' 500 Million Data Breach Scandal

Marriot's' 500 Million Data Breach Scandal

A politically inclined attack or just a ‘simple’ lack of security awareness?

Whatever the case, the cyber-attack that hit Marriott was huge. This was the joint second largest data breach to take place, after Yahoo in 2013 and Equifax in 2017. A cyber attacker stole personal information including names, emails, addresses, passport numbers, and credit card information of Marriot’s guests. All this lasted for four years! The data breach, which affected approximately 500 million guests (yes, million), was made public in late November 2018, two months after it was discovered by the hospitality giant.


The amount of data that was stolen from the Starwood Hotels (a company purchased by Marriott in 2016) system of reservations was massive. And what’s most surprising and shocking is that the first breach went undetected for four years, and thus the Starwood Hotels was still purchased and no attention was payed to the breach issue.  


By purchasing Starwood in 2016, Marriott became the largest hospitality company in the entire world, but it also suffered some side effects of this expansion since cybercriminals had penetrated the reservation systems of Starwood back in 2014 - undetected! According to Bloomberg Intelligence, “the company could face up to $1 billion in regulatory fines and litigation costs”.


Since the news originally came out, news came out that even the Marriott’s own security team was hit by an attack in June 2017. Clearly, something does not add up.


Another ‘not-so-controversial’ side to this story is that the data breach attack on Marriott hotel was politically influenced. The New York Times reported that the hackers were suspected of working on behalf of the Chinese Ministry of State Security. “The cyber attack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation.”, the article further added. Surely, this side of the story will take a while until it unveils the whole picture.


In addition, in an emailed statement, Marriott spokeswoman Connie Kim stated “Our primary objectives in this investigation are figuring out what occurred and how we can best help our guests,” She further added “We have no information about the cause of this incident, and we have not speculated about the identity of the attacker.”


The dearth of Security awareness

Taking into consideration how the story unfolded, anyone can blame and criticize Marriott and even Starwood for what seems like a line of big errors. Yet, the reality is that nowadays, it could occur to any business or company. Cyber Security preventive measures have become a lot more sophisticated than they used to be, but so have the cybercriminals. Basically, it’s a chicken and egg scenario. We are aware of the fact that legitimate companies are kept in ‘chains’ by laws – criminals are not. Unfortunately, this puts criminals at a highly favorable position to innovate and stay ahead of the good guys. The security teams, in this case, are playing a constant and dangerous game of catch-up which at some point will be catastrophic, as it happened with Marriott.


The main current issue in this aspect is the fact that security is still not a top priority for the top management of organizations. Despite having prominent organizations constantly being attacked, - such as it occurred in 2018 with Ticketmaster, Under Armour, British Airways and more, and a “when not if”, caution being typified by the security industry for many years now - many businesses have not yet realized the vital importance of security.


Simply put, the fact that a security review may have not been part of the Starwood purchase by Marriott, - or if it was, it was not conducted properly - is further evidence that security has not been given the right importance during the last few years.

Share This

What people have to say about us ?

Asma Al-Labadi,ETQ

Haneen Adnan ,Nuqul Group

Anas Diab,AES Jordan PSC

Hannan Ziadeh, Our Lady Of Peace Center for persons with disabilities

Eng. Ahmad Shrouf, General Manager, Green Has Jordan

Dr. Mohammad Sarhan, General Manager, Bio Medical Clinics

proudly serving

aacmena clients
aacmena clients
aacmena clients
aacmena clients
aacmena clients
aacmena clients
aacmena clients
+96265162240, Ext.48
Subscribe to our newsletter
Contact us