The Marriott hotel chain asked guests checking in for a treasure trove of personal information: credit cards, addresses and sometimes passport numbers. On Friday, consumers learned the risk. Marriott International revealed that hackers had breached its Starwood reservation system and had stolen the personal data of up to 500 million guests. The assault started as far back as 2014, and was one of the largest known thefts of personal records, second only to a 2013 breach of Yahoo that affected three billion user accounts and larger than a 2017 episode involving the credit bureau Equifax.
The Starwood’s data has not popped up on the so-called dark web, according to Recorded Future, a cybersecurity firm, and Coalition, a cyber insurance provider, which suggested that the hotel attackers weren’t looking to sell what they took. “Usually when stolen data doesn’t appear, it’s a state actor collecting it for intelligence purposes,” said James A. Lewis, a cybersecurity expert at the Center for Strategic Studies in Washington. The names, addresses, phone numbers, birth dates, email addresses and encrypted credit card details of hotel customers were stolen. The travel histories and passport numbers of a smaller group of guests were also taken. Marriott said it had set up a dedicated website and call center to deal with guests and said it would try to reach affected customers on Friday to inform them of the breach. The site was having problems staying online shortly after the attack was announced.
Senator Chuck Schumer has suggested that the Marriott Corporation should pay to replace all passports of everyone who shared their passport number on the Marriott site.
Credits:
https://www.nytimes.com/2018/11/30/business/marriott-data-breach.html
No comments:
Post a Comment