Marriott, the world’s largest hotel chain, recently revealed that its Starwood guest reservation database has been hacked and that the personal information of up to 500 million guests had been exposed. The massive data breach revealed by Marriott International sheds light on what hackers often do with the personal data they steal, said Long Lu, a Cybersecurity Expert at Northeastern University. Hackers, he said, frequently sell people’s names, email addresses, and other personal information to spammers who, in turn, use it steal people’s identities or trick people into installing harmful software or buying fake merchandise.
The majority of the victims in the Marriott breach, believed to be 317 million people, had a combination of their names, addresses, passport numbers, dates of birth, phone numbers, gender, email addresses, and reservation information stolen. The methods used to hack the reservation system, the ability of Marriott to protect it against breaches, and how the stolen data could be used all remain unclear. However, Lu feels that the hack exemplifies how sophisticated cyber-attacks have become, the need for businesses to invest more resources in protecting their data, and the demand for laws that set industry standards for cyber security.
The breach affects customers who made reservations at Starwood-brand hotels and resorts between 2014 and September 2018, according to The New York Times. Marriott acquired Starwood, whose hotel brands include Westin, W Hotels, and Sheraton, in 2016. Marriott-branded hotels, which include Residence Inn and the Ritz Carlton, reportedly operate on a different reservation system.He said that companies have begun to do a better job at protecting customer data and responding to breaches and recommended that consumers try to protect their personal information by regularly changing their online passwords and monitoring their credit reports. Long Lu expressed, “Cyber-attacks are something we cannot completely stop, but we can always do better to try to prevent it from happening or reduce the likelihood for an attack to happen.”