Skip to main content

US Customers Sue Marriott After Data Breach Affected 500 Million Guests

The lawsuits against Marriott were filed in the US state of Oregon and Maryland.





 US Customers Sue Marriott After Data Breach Affected 500 Million Guests

Marriott flag hangs at the entrance of the New York Marriott Downtown hotel in Manhattan. (Reuters)



San Francisco: 
After customers in the US sued global hotel chain Marriott for exposing their data with one class-action lawsuit seeking $12.5 billion in damages, cyber security experts today asked nearly 500 million affected customers globally to change passwords and take other precautions.
According to a report in ZDNet on Monday, the lawsuits were filed in the US state of Oregon and Maryland.
"While plaintiffs in the Maryland lawsuit didn't specify the amount of damages they were seeking from Marriott, the plaintiffs in the Oregon lawsuit want $12.5 billion in costs and losses," said the report.

Marriott International on November 30 revealed that its guest reservation system was hacked, exposing the personal information of approximately 500 million guests.
According to cyber security experts, questions need to be asked as to how 500 million guests have been affected by this data breach.
Promoted: In Stores
"While we''re still only beginning to assess the true extent of the attack, ultimately, the security solutions the Starwood Hotels and Marriott Group had in place clearly weren''t sufficient enough if it allowed an unauthorised third party to get into the system," said David Emm, Principal Security Researcher at Kaspersky Lab.
"The data was encrypted, but the attackers potentially stole the keys too - highlighting that an extra layer of security should have been in place to prevent this from happening. This data breach is now one of the most critical data breaches in history," Emm said in a statement.
The hotel chain said the hack affected its Starwood reservation database, a group of hotels it bought in 2016 that included the St. Regis, Westin, Sheraton, W Hotels, Le Meridien and Four Points by Sheraton.
According to John Shier, Senior Security Advisor, Sophos, the potential fallout from the Marriott''s Starwood data breach should be alarming to anyone who has stayed at a Starwood property in the last four years.
"Not only are guests at risk for opportunistic phishing attacks, but targeted phishing emails are almost certain, as well as phone scams and potential financial fraud," said Shier.
Unlike previous breaches, this attack also included passport numbers for some individuals who are now at increased risk for identity theft.
"At this point, however, it''s unclear what level of exposure each individual victim has been subject to. Until then, all potential victims should assume the worst and take all necessary precautions to protect themselves from all manner of scams," said Sophos.
Be on alert for spearphishing, opportunistic phishing, monitor your financial accounts and change passwords as a precaution, it added.
Marriott said that it reported the breach to law enforcement and was also notifying regulatory authorities. The hotel chain shares witnessed a maximum 8.7 per cent drop after announcing the data breach.

Comments

  1. ittoolkitprojectDecember 3, 2018 at 8:41 PM

    he fundamental problem I see as someone in the cyber security industry is a lack of priority from the board level down on cyber strategy . Cyber defense is complicated and requires trained, experienced professionals with budgets and the power to implement policy. Cyber defenses must follow a strategy and many security leaders simply don’t have the skills, education, teams and resources to create and implement a cyber defense strategy. Criminals follow strategy and are light years ahead of most companies. Given the general malaise in corporate cyber skills, the criminals will stay that way. Furthermore, cyber insurance premiums are a much better investment than cyber defense. Most breaches are unknown and cause little damage and the real problem with lax cyber defense for most businesses is that you aren’t investing to protect yourself. For every company that takes cyber security seriously, there are hundreds that don’t. This give attackers easy cover and operational bases. Companies that don’t have Marriott size databases aren’t as concerned with security so attackers use these systems at their will.

    very good read, Vibhu.

    ReplyDelete

Post a Comment

Title

Link

https://amzn.to/3isoLUX https://www.amazon.in/gp/product/B082PFY9S7?smid=AT95IG9ONZD7S&psc=1&linkCode=sl1&tag=mywebsit0749e-21&linkId=5108a27204271760a5ba4d6108af7893&language=en_IN&ref_=as_li_ss_tl https://amzn.to/3ist5DR https://amzn.to/3s5ZcMQ
Post a Comment
Read more

Information security policy

Information security policy To protect your information assets, you need to define acceptable and unacceptable use of systems and identify responsibilities for employees, IT staff, and supervisors/managers. This policy offers a comprehensive outline for establishing rules and guidelines to secure your company data. From the policy: Employee responsibilities An employee who uses the company workstations or systems to conduct business operations must:  Ensure that all equipment use is for business/professional reasons. Access only information that is needed to perform their jobs or assist others in doing so as part of the valid scope of their duties. Be responsible for the content of all data, including text, audio, and images they share internally or externally. All communications should have the employee’s name attached. Be responsible for all actions/transactions performed with their accounts. Use passwords and screen locks on company-owned systems or devices, or those
Post a Comment
Read more

How to cloud-enable Enpass Password Manager

How to cloud-enable Enpass Password Manager Learn how to combine Enpass and Dropbox into a perfect, cloud-ready password manager. 0:00 Fullscreen We've reached a point in time where very strong (non-memorizable) passwords should no longer be considered an option. Because of this, I tell everyone I advise to use a password manager that includes a random password generator so that the chances of someone hacking into one or more of their accounts are lessened exponentially. One of the password managers that ticks off nearly all of my boxes is  Enpass . It's cross-platform (available for Linux, Android, iOS, macOS, and Windows), has a great password generator, and (best of all) can be made cloud-ready. Must-Read Cloud Google Cloud Platform: An insider’s guide (free PDF) It's that last option that really seals the deal for me. Because of this, I can link every instance of Enpass I
Post a Comment
Read more

New Amazon class certifies cloud pros in securing data on AWS

New Amazon class certifies cloud pros in securing data on AWS The AWS Certified Security - Specialty Exam could help tech professionals broaden their skills on the AWS platform. 0:00 Fullscreen Building a slide deck, pitch, or presentation? Here are the big takeaways: A new class from Amazon, the AWS Certified Security - Specialty Exam, will validate a cloud pro's ability to secure the AWS platform. Cloud skills are in high demand, but added security expertise could help set job seekers apart. A new professional exam from Amazon Web Services (AWS) will help cloud experts validate their ability to secure data on the platform, according to a  Monday blog post . The  AWS Certified Security - Specialty Exam  is now available to those who hold either an Associate or Cloud Practitioner certification from AWS. As noted in the post, AWS recommends that those taking the exam have at least five years
Post a Comment
Read more

Some Hot New Technologies That Will Change Everything

Some Hot New Technologies That Will Change Everything Illustration: Randy Lyhus The Next Big thing? The  memristor , a microscopic component that can "remember" electrical states even when turned off. It's expected to be far cheaper and faster than flash storage. A theoretical concept since 1971, it has now been built in labs and is already starting to revolutionize everything we know about computing, possibly making flash memory, RAM, and even hard drives obsolete within a decade. The memristor is just one of the incredible technological advances sending shock waves through the world of computing. Other innovations in the works are more down-to-earth, but they also carry watershed significance. From the technologies that finally make  paperless offices  a reality to those that deliver  wireless power , these advances should make your humble PC a far different beast come the turn of the decade. In the following sec
1 comment
Read more

Network security policy

Network security policy This policy will help you create security guidelines for devices that transport and store data. You can use it as-is or customize it to fit the needs of your organization and employees. From the policy  Summary Every company’s network is made up of devices that transmit and store information. This can include internal and external systems, either company-owned or leased/rented/subscribed to. To protect company data and reputation, it is essential to ensure that the network is secured from unauthorized access, data loss, malware infestations, and security breaches. This must be done via systematic end-to-end controls. Policy details The IT department will be responsible for implementing, adhering to, and maintaining these controls. For the purposes of this document, “all devices” refers to workstations, laptops, servers, switches, routers, firewalls, mobile devices, and wireless access points. Where possible, these guidelines will app
Post a Comment
Read more

Top Java Interview Questions You Must Prepare In 2019(java interview questions and answers for freshers)

Top Java Interview Questions  You Must Prepare In 2019(java interview questions and answers for freshers) Java is today the most trusted language across the global developer community. With nearly all of the Fortune 1000 companies running applications on the Java Virtual Machine (JVM), Java has become a legendary language. Even while new languages and technology closely related to Java are popping up every now and then, they leverage capabilities of the JVM in some way. It is almost certain that Java will never go out of fashion. A career in Java will open up multiple opportunities in a wide range of job roles. We have curated a list of definitive Java questions that will help you breeze through your interview. In case you have attended Java interviews yourself or have any questions that you want us to answer for you, do feel free to add them as comments below. 1. What are the principle concepts of OOPS? Principle Concepts of OOPs Concept Description Abstraction Abstra
Post a Comment
Read more

Google I/O 2019 schedule includes sessions on Stadia, dark mode, lots of Assistant, but no Wear OS

Google I/O 2019 schedule includes sessions on Stadia, dark mode, lots of Assistant, but no Wear OS Google I/O is one of the most exciting times of the year for us tech nerds, and as we near the 2019 event,  the schedule is now up for all to see . This isn't the full complement of sessions — many smaller talks and workshops will be added in due course — but it does give us a good idea of which areas Google is likely to focus on most this year. It all kicks off on May 7 at 10am with the Google Keynote at the Shoreline Amphitheatre where Sundar will talk us through some of Google's key goals for the year ahead, followed by a more developer focussed keynote. The rest of the first day is packed with sessions on gaming, Material Design, self-driving cars, Android, and a number on Assistant. The  3pm deep dive into the streaming tech behind Stadia  could be particularly interesting. There's also  a talk about building apps for foldable displays . Day two starts wit
Post a Comment
Read more