April 1, 2020 (updated 02 Apr 2020 9:54am)

Marriott International Cites Insurance to Downplay Data Breach

But security experts say the incident is deeply troubling...

By CBR Staff Writer

Marriott International Inc. says the impact of the second major data breach it has reported in just 18 months will not be significant, owing to its cyber insurance policy.

But security experts today warned that they feared the hotel was being mined for personal data on officials that could be exploited for intelligence purposes.

The incident, reported March 31, saw the personal data of approximately 5.2 million guests exposed, including names, contact details, and loyalty rewards status.

Marriott International Data Breach: What Happened?

Marriott said: “At the end of February 2020, the company identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. The company believes that this activity started in mid-January 2020. Upon discovery, the company confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.”

The data breach comes after the UK’s Information Commissioner’s Office (ICO) in July 2019 said it intended to fine Marriott International over £99 million for infringements of GDPR, after it reported that some 339 million guest records had been stolen, in an incident going back to Marriott’s 2014 acquisition of the Starwood hotels group.

(That proposed fine appears to have been kicked into the long grass, with an extension of the regulatory process until 31 March 2020 and legal experts suggesting a significantly lower settlement, like the £500,000 agreed by Facebook, was likely).

Insurance Should Cover the Damages

Marriott International suggested it was relaxed about the economic impact of the recent data breach, noting: “Marriott carries insurance, including cyber insurance, commensurate with its size and the nature of its operations, and the company is working with its insurers to assess coverage. The company does not currently believe that its total costs related to this incident will be significant.”


Casey Ellis, CTO and founder of security firm Bugcrowd, said the incident was troubling. He said: “Like the OPM, Anthem, Dulles and the 2018 Marriott breach, this breach is just another in a long string of attacks targeting US officials.

“Think about it, officials from the NSA, CIA, FBI, DoD stay at Marriott hotels, including possibly diplomats, business people or intelligence officials as they travel around the globe. The FBI’s investigation into the 2018 Marriott Breach concluded that the attackers were working on behalf of the Chinese Ministry of State Security–alarm bells should be going off.”

He added: “The hospitality industry continues to demonstrate a greater need for stronger security measures – especially since this is the second security incident affecting Marriott in the past two years.

“This attack emphasizes the need for the hospitality industry to take security seriously. Hotels collect more private personal information than most enterprise organizations (birthdays, passport numbers, email and mailing addresses, and phone numbers). Cybercriminals know what types of organizations collect troves of sensitive data, and given the amount of valuable information at hand, hospitality organizations can no longer afford to ignore their vulnerabilities.”
