Once considered a major event, the recent disclosure by Marriott corporation regarding the hack of over 500 million guest records from their Starwood reservation system is sadly nothing new. Even their admission that the hack had been going on undiscovered sine 2014 was not an eyebrow raiser.
Forbes recently published “Given that the global annual revenue of the company reached $22.89 billion in 2017 and the strictest fine could amount to 4% of it, the sanctions imposed by the E.U. could be translated to $915 million. This will probably add up to the amount of $3.5 billion, analysts initially estimated some days after the incident went public.”
Furthermore, Marriott felt compelled to state, “For 327 million people the guests’ exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information.” For millions of others, their credit card numbers and card expiration dates were potentially compromised. Marriott warns that it can’t confirm if the hackers were able to decrypt the credit card numbers!
And although there’s no longer consumer outrage, the financial markets voiced their opinion with Marriott’s stock (MAR) plunging on the news, falling more than 6% effecting Marriott’s value and ability to raise investment funds for their 6,700 properties located in over 129 countries.
Could the breach have been mitigated or avoided? It may be worth noting that exercising a reduction in their sensitive data footprint would have significantly mitigated the second largest data breach in corporate history! For a relatively small investment in time and money, Marriott could have employed a data-centric approach, discovering, classifying and securing data thereby protecting their customer’s sensitive data. At a fraction of their loss in stock value, proactive measures such as employing Spirion software would be the ounce of prevention that would have prevented their current pound of pain!