The breach, which was discovered in September, saw hackers access the names, addresses, phone numbers, passport numbers and, in some cases, payment card details of up to 500m guests. Investigations made since the breach was discovered have revealed that hackers have had access to the network since 2014.
Ross Brewer, VP and MD EMEA, LogRhythm, made the following comments: “This breach has affected a staggering number of people, with the hotel chain confirming hackers have been able to access 500m guests’ information, which, worryingly, includes passport numbers and encrypted payment card numbers.
“A breach like this highlights the importance of automated threat detection. When you consider the high value data companies like Marriott hold – names, addresses, payment details etc – it’s not surprising that hackers will persistently attempt to gain access. What’s surprising, and extremely concerning here, is that during investigations Marriott found that there has been unauthorised access to the Starwood network since 2014. We are constantly surprised by companies that are unable to detect anomalous network activity, but it’s not often this kind of activity has been going on for so long without being flagged.
“Companies like Marriott have a responsibility to protect the data their customers entrust them with, so it’s crucial they have tools in place that can identify unauthorised access as soon as it happens. Tools like NextGen SIEM and User and Entity Behaviour Analytics (UEBA) should now form a crucial part of an organisation’s security suite – without them, companies are always going to end up playing catch-up with the cyber criminals, which, in this case, has enabled them to roam the network undetected for four years.”
Jason Hart, CTO of Data Protection at Gemalto, commented, “One of the most troubling aspects of this breach is that the house has been effectively locked, but the keys left under the doormat. Whilst it’s good to see steps had been put in place to protect the sensitive data, encryption is only effective if its keys are correctly stored. This situation could easily have been avoided by managing and storing the encryption keys securely in hardware either on premise or as a cloud-based service.”