Marriott International: data stolen from 500 million customers

(by Alessandro Rugolo)
30/11/18

Marriott International, an American multinational, admitted this morning that it was hit by a hacker attack that compromised the data of 500 million customers of its Starwood hotels around the world ...

It is incredible how such a headline can now be considered almost normal.

One of the internal control systems identified a possible attempt to access the Starwood hotel reservation system on 8 September. In the investigations that followed, it was discovered that the system had been subject to unauthorized access since 2014.
This means that for about four years data were potentially being stolen, certainly for more or less illicit purposes!

This is the company's statement, as reported by SecurityWeek:
"For nearly 327 million of these guests, the information includes a combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest ("SPG") account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For more information, please note that payment card numbers and payment cards are encrypted using the Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card, and at this point, Marriott has not been able to rule out the possibility that both were taken. For the remaining guests, the information was limited to the name and sometimes other data such as mailing address, email address, or other information. Marriott reported this incident to support their investigation."

According to the article, the issue will not be subject to the GDPR because it began in 2014, when Marriott International did not yet own the Starwood group; the fact remains, however, that Marriott is still responsible, because the acquisition in any case took place more than two years ago.

Now, I can imagine that Marriott invests a large part of its earnings in security; I can even assume that the sector is an experienced one and that the systems used comply with the very strict American regulations, and yet they too have been hit.

What can one say, then, of all those small and medium-sized Italian companies that do not even know what IT security is, or that, even if they do, have to struggle just to get through the day? Are we sure that our data are managed in the best way even by the supermarket near home that, invariably, has given us a loyalty card for collecting points?

Unfortunately, I am skeptical, so every time I hand my data to someone I assume that they will inevitably be lost.

What to do then?

Everyone can make a free choice, provided they are aware of what they are doing.
I try to provide as little data as possible, and only when really necessary ... it may not be the best approach, but it is better than nothing.

However, to return to Marriott: as a direct result of what happened, the company's share price lost around 6% in the opening hours of trading.

To learn more:
https://www.securityweek.com/marriott-hit-massive-data-breach-500-millio...
https://www.independent.co.uk/life-style/gadgets-and-tech/news/marriott-...