Marriott Hotel data breach, explain with a report on it that answers the following question; When...

90.2K

Verified Solution

Question

Advance Math

Marriott Hotel data breach, explain with a report on it thatanswers the following question; When and where was the breach? Whatwas the cause of the breach (be specific)? Who was affected? Howsevere were the effects of the data breach on the individualsaffected? Were there other potential effects (e.g. identity theft)that haven't been documented yet? How did the company respond tothe breach? Was there anything the company failed to do that wouldhave prevented it? Did the company undertake any actions to preventthis (or similar things) from happening again? Was there a publicoutcry over the company's response to the breach? How did thecompany address the public's reaction? What consequences did thecompany or individuals at the company suffer (firings, legalliabilities, etc.)? What recommendations would you make to preventa similar breach from occurring?.

Answer & Explanation Solved by verified expert

4.1 Ratings (757 Votes)

CASE STUDYMARRIOTT DATA BREACH On November 30 2018 hospitality giant Marriott International announced that an unauthorized party gained access to the personal information of 500 million Starwood customers joining the evergrowing list of massive breaches that seem to be occurring more and more frequently Marriott announced that sometime in early September 2018 they received an alert from an internal security tool indicating that an attempt had been made by an unknown entity to access the Starwood guest reservation database Shortly thereafter Marriott engaged outside cyber security experts to aid in determining what exactly happened It was discovered that there had been unauthorized access to the Starwood network as early as 2014 It was then discovered that this party had copied and encrypted customer information and acted towards removing it from the Starwood database Marriott advised that the data exposed included passwords email addresses departure and arrival dates and well as passport information Background on Marriott Breach While Marriott says they are looking into how the breach took place the question on everyones minds is why it was only detected now when its evident that it began over four years prior With the extensive resources Marriott has available to them they should have been able to identify and isolate the intrusion risk in 2014 Unfortunately it was also around this point that Marriott had announced is acquisition of the Starwood Hotels and Resorts Worldwide and thats where the issue may have begun Not two months after the announcement of the merger Starwood reported that it had suffered a largescale credit card hack Shortly thereafter the companys home website was the victim of a SQL injection attack and offers to hack the site were being made across the dark web It is for this reason that experts are saying Marriott should have known at that time that they were taking a considerable risk in acquiring Starwood Risk Model Estimates Catastrophe risk modelling firm AIR Worldwide estimates that the direct cyber incident losses for the breach will be in the neighborhood of 200 million to 600 million These estimates are based on both the quantity of consumers affected as well as the type of information involved AIR Worldwide mentions that the large 200m600m range of loss estimates reflects the relative uncertainty about the data that was stolen such as duplicate records and additional uncertainty relating to whether or not encryption keys had been stolen along with encrypted credit card data It should be noted that loss estimates are based solely on an analysis using AIRs Cyber Risk Model As a result they are subject to uncertainty and not based on any actual policy or loss data reported by Marriott Its worth noting that some of the financial impact to Marriott may be partially mitigated by cyber insurance and liability insurance coverage they supposedly have this is not accounted for in the loss estimates Government Regulation As part of the EUs GDPR and Canadas PIPEDA the hospitality industry is under pressure to comply as the range and nature of personal data held in any guest database poses a particularly high risk if found in the wrong hands This is much more than a consumer data breach When you think of this from an intelligence gathering standpoint it is illuminating the patterns of life of global political and business leaders including who they traveled with when and where That is incredibly efficient reconnaissance gathering and elevates this breach to a national security problem Michael Daly Cybersecurity Chief Technology Officer Raytheon Intelligence Beyond regulatory examination Marriott is now facing multiple class action lawsuits as a result of the breach Application Security Testing SQL Injection vulnerabilities See Answer

Get Answers to Unlimited Questions

Join us to gain access to millions of questions and expert answers. Enjoy exclusive benefits tailored just for you!

Membership Benefits:

Unlimited Question Access with detailed Answers
Zin AI - 3 Million Words
10 Dall-E 3 Images
20 Plot Generations
Conversation with Dialogue Memory
No Ads, Ever!
Access to Our Best AI Platform: Flex AI - Your personal assistant for all your inquiries!

Become a Member