SecureTeam
World’s second largest data breach hits Marriott customers

News | 10 December, 2018

Half a billion user accounts stolen over four years

On 8th September 2018, Marriott hotels noticed a security alert concerning an attempt to access the reservation database of Starwood Hotels, which the hotel chain had purchased back in 2016. Recent investigations have revealed that the attackers had had access to the Starwood systems and database since 2014, resulting in some 500 million user accounts being compromised.

This colossal data breach is thought to be the second largest data breach in history, with stolen data including names, addresses, passport numbers and encrypted payment card details.

Marriott states:

“the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128). There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.”

The scale of the breach is already prompting action from US lawmakers, including consideration of GDPR-like regulations that would require data retention policies to be defined and for all unnecessary data to be deleted.  Attackers cannot steal data you do not hold.

It goes without saying that a comprehensive penetration test and security audit during the due-diligence phase of the acquisition of Starwood, or any time since, could have identified the security weaknesses exploited by the hackers.

Intrusion Detection Systems can be effective in identifying unauthorised access to network resources, but they need to be correctly configured and monitored. The attackers were active in the Starwood network for four years before being detected, systematically extracting data, encrypting it and exfiltrating it from the network. Many CISOs today are adopting the attitude implied by standards such as PCI-DSS: do all you can to protect your network but assume you will be breached, so make sure your monitoring is set up to detect it as quickly as possible.

Data Leakage Protection measures need to reflect the sophistication of the attackers and the value of the data to be stolen. Starwood had a DLP system in place that looked for payment card numbers (PANs) leaving the network, so the hackers simply disguised the card data by encrypting it before exfiltration, bypassing the monitoring systems.
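The monitoring gap described above can be shown with a small detection sketch. This is an added example, not code from Marriott, Starwood or any DLP product: it pairs a PAN content rule (pattern plus Luhn check) with a Shannon-entropy check that flags large opaque payloads the content rule cannot read. The sample payloads, the 7.5 bits-per-byte threshold and the 1024-byte minimum are assumptions chosen for illustration.

```python
import hashlib
import math
import re
from collections import Counter

# 13-19 digits, optionally separated by spaces or hyphens, not inside a longer digit run.
PAN_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pans(payload: bytes) -> list[str]:
    """Content-matching rule: what a PAN-focused DLP filter looks for."""
    candidates = (re.sub(rb"[ -]", b"", m.group()).decode() for m in PAN_RE.finditer(payload))
    return [c for c in candidates if luhn_ok(c)]

def entropy_bits_per_byte(payload: bytes) -> float:
    """Shannon entropy; encrypted or compressed data approaches 8 bits per byte."""
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values()) if n else 0.0

def inspect(payload: bytes, threshold: float = 7.5, min_len: int = 1024) -> str:
    """Classify one outbound payload. Threshold and minimum length are assumed values."""
    if find_pans(payload):
        return "pan-match"
    if len(payload) >= min_len and entropy_bits_per_byte(payload) >= threshold:
        return "opaque-high-entropy"  # content rule is blind here; flag for review
    return "clean"

# Constructed samples (4111 1111 1111 1111 is a well-known test card number).
CLEAR_RECORDS = b"guest=Test Guest;card=4111 1111 1111 1111;exp=01/30\n" * 50
# Stand-in for encrypted data: a deterministic pseudo-random byte stream, not real ciphertext.
OPAQUE_BLOB = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
ORDINARY_TRAFFIC = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 40

if __name__ == "__main__":
    for name, data in [("clear", CLEAR_RECORDS), ("opaque", OPAQUE_BLOB), ("web", ORDINARY_TRAFFIC)]:
        print(name, len(find_pans(data)), round(entropy_bits_per_byte(data), 2), inspect(data))
```

Compressed archives and media files also score close to 8 bits per byte, so the entropy verdict is a triage signal to correlate with the source host, destination and transfer volume, not a block rule in its own right.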


cyber security, Data Protection, security breach
