Marriott hotel has finally made an official disclosure of what was stolen from the reservation system database of its business subsidiary Starwood Hotels last year.
An official statement from the company says that over 383 million customer records were siphoned by the hackers in the said cyber incident. And the stolen info includes 25.55 million passport numbers out of which 5.25 million were numbers stored in plain text. Another 8.6 million encrypted payment card details were also siphoned by cyber crooks in the attack.
Readers of Cybersecurity insiders should notify a fact over here that Starwood hotels were purchased by Marriott in 2016, whereas the newly identified data breach is tracked back to a four year period i.e 2014.
At least five US states and Britain’s Information Commissioner Office are said to be investigating the incident which is suspected to be the work of Chinese intelligence backed hacking group APT10.
Last month, Mike Pompeo, the US Secretary of State confirmed that the attack was a part of an espionage effort directed by Beijing that mainly targeted health insurers and the US Civil Service employment database.
Note- In November last year, Marriott International disclosed that the data of more than 500 of its guests was compromised which happens to be the largest data breaches in the history of the United States. The news was out that data such as passport info, credit card details, names and phone numbers of the guests who made a check-in into the Starwood properties, DOBs, gender, arrival & departure details, reservation date, flight numbers and communication preferences were being accessed by hackers since 2014.
Truly a lot of data leak……..isn’t it?
Wonder how the UK watchdog will react to the issue…? Especially after the latest EU GDPR kicked in from May’18.