The Marriott data breach affected up to 500 million clients. Millions of people could have their identities stolen and fraudulent accounts opened in their names. The breach has drawn in Rep. Jamie Raskin (D-Md.), among other political figures, who are trying to figure out what exactly happened.
Rep. Raskin, as a representative of the district in which Marriott International is housed, took it upon himself to phone the company’s CEO, Arne Sorenson, on Friday. From the call, he gathered that Marriott wants to be transparent but is unsure how the breach happened. Furthermore, customers of Starwood Hotels & Resorts Worldwide, a company acquired by Marriott a little over two years ago, should be especially worried. Raskin concluded that Marriott failed to check that appropriate data security measures were in place when it made the purchase.
On Friday, Marriott disclosed its pending investigation into the hacking of its reservation system. Following data breaches at other companies like Facebook and Under Armour, the Marriott hacking is the last straw for many. Lawmakers may need to step it up and craft a national data privacy law that dictates when companies need to report data breaches to their customers.
The EU, one step ahead, passed data privacy legislation in the form of the General Data Protection Regulation in 2018. In the U.S., states took the reins on data protection laws, with California passing the strictest laws.
Marriott admitted there was an alert of unauthorized access to the Starwood database in the U.S. back on September 8. Security experts were hired, and they found there had been unauthorized access to customers’ private data since 2014. Someone illegally copied and encrypted guest information, including but not limited to payment information, passport numbers, and email addresses, and attempted to erase it from the system. Marriott decrypted the information on November 19 and realized the data came from the Starwood guest reservation database.
Cybersecurity experts say Marriott could have made amends in 2015 when a small-scale breach occurred. A class action lawsuit was filed against the hotel chain by Murphy, Falcon & Murphy and co-counsel Morgan & Morgan for negligence—failure to properly safeguard consumers’ sensitive and confidential information.
CEO Sorenson assured Raskin that Marriott is doing what it can to support affected customers, with a website where people can get updates on the investigation and find advice to prevent further unlawful seizure of data. Several news sites have added their own advice, such as opening a separate credit card for online transactions and not leaving payment information saved on websites.