Marriott International has revealed that it’s investigating a hack of the guest reservation database at its Starwood unit that may be one of the biggest such breaches in corporate history. The attack is troubling not just because of its sheer size, but also the level of detail potentially stolen by the attackers. The hack affects some 500 million guests—and for about 327 million of them, the data included passport numbers, emails and mailing addresses, Marriott said. Some credit card details may also have been taken.
The Marriott hack may rank only below Yahoo as one of the biggest of personal data, when 3 billion users were exposed to a 2013 security breach.
“We know there’s going to be a cost, but how big will it be, I don’t know, I don’t think Marriott knows,” says Michael Bellisario, an analyst at Robert W. Baird & Co. “Marriott’s biggest asset is the network effect of customers in the loyalty program. The big question is does it impact the Marriott brand, and the customer desire to be rewards program members? It’s still too early to tell.”
Regulators and consumers have been stepping up their action against companies that have suffered security breaches as such attacks have increasingly become more severe. Target Corp. last year agreed to pay $18.5 million to settle investigations by dozens of states over a 2013 hack of its database in which the personal information of millions of customers was stolen, while Equifax is facing billion-dollar lawsuits and a regulatory investigation.
Click here to read complete article at AdAge.