The Aftermath of the Marriott Hotel Chain’s 500 Million Guest Data Breach
The Marriott hotel chain's recently revealed data breach, which affected an estimated 500 million people, has been causing a lot of concern this week. That concern has grown to the level of a class-action lawsuit against the company from its own customers. The breach, which was described as possibly bigger than the Yahoo data breach of 2013, was called ‘deeply regretful’ by none other than the President and CEO of Marriott Hotels, Arne Sorenson.
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward. Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network,” explained Sorenson.
One lawsuit, filed by a customer from Oregon, demands $12.5 billion from Marriott for the loss of data. Though a huge amount of money, equally divided among 500,000 people, it is only a $25 damage fine per head. It is a serious cause for concern, since simply checking in at the hotel requires guests to surrender their birth date, phone/mobile number, credit/debit card number and other personally identifiable information. Marriott has committed to enrolling its affected customers in WebWatcher for free. The hotel chain promised that this free WebWatcher service will actively monitor the Internet for use of the victim's personal information, in an attempt to prevent identity theft.
Michael Fuller represents two individuals from Oregon, Chris Harris and David Johnson, the latter of whom claimed that unauthorized activity was detected on his credit card. Fuller claimed that the $25 per affected customer is just an initial payment, the cost of replacing a compromised card. However, he does not rule out the possibility that customers will step forward demanding bigger damage penalties, especially if they can prove they became victims of identity theft.
This is not the last lawsuit that Marriott will face, as other customers will opt to demand payment of damages. The likely victims are those who checked in at its hotels over the last four years, with the hotel chain only realizing the breach existed last September 10. The system that was breached was the Starwood guest reservation database, which is used by all of its hotel brands, including W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.
Consolidating the lawsuits is also an option for the affected clients; according to Fuller, this will further strengthen the case against the hotel chain.
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.