This week Marriott disclosed a four-year-long data breach of the personal information of its hotel guests. It’s unclear how the breach occurred or why it took so long to come to their attention but the scope of the breach makes it one of the most troubling data breaches in history.
Undiscovered Due to Neglect
Marriott International the world’s largest hotel chain announced that its Starwood’s reservation database had been hacked and the personal information of half a billion guests had been stolen by hackers. Starwood hotels was acquired by Marriott in 2016, and includes hotel brands St. Regis, Sheraton, W Hotels, Westin, Aloft, Tribute, Element Le Meridien, The Luxury Collection, Four Points by Sheraton and Design Hotels.
The breach appears to have been happening over time since 2014 and was just uncovered this September after an internal audit. According to Marriott, for approximately 327 million of these guests, the personal information included guest names, addresses, phone numbers, emails, dates of birth, gender and travel information and preferences, payment card information as well as passport information which is highly unusual for a data breach.
Will This Data Breach Lead To Changes?
Because of the international extent of the exposure, Marriott could face significant financial penalties of $22 million or 4% of its revenue under European GDPR laws. Plus, according the USA Today, a class action lawsuit was filed against the hotel chain on Friday alleging the hotel “failed to ensure the integrity of tis servers and to properly safeguard consumers’ highly sensitive and confidential information.”
Security experts agree that a breach of this scope and duration can only occur when fundamental security practices are not in place and the most basic data protection policies not being followed. The consensus seems to be that to expose such a massive amount of data for so many years is not a system fault or mistake, it’s a lack of a system.
So What Should You Do?
At MyProfyle, we believe this threat is further proof that everyone’s information is at risk from many different sources and that we are all exposed multiple times per year. The solution to identity fraud is not to try to lock your identity or seek unobtainable privacy but to control your identity – not just your credit – by putting yourself in the position know of, approve or decline activity conducted in your name. That’s MyProfyle Free For Life ™ Identity Protection.