The recent Marriott data breach risked the privacy and creditworthiness of a half-billion guests who have stayed at the hotel chain since 2014, including those who booked through the Starwood reservation system that includes St. Regis, Westin, Sheraton and W Hotels, says global cybersecurity firm Stealthcare.
While Starwood had been breached in 2014, Marriott bought trouble when it acquired the brand in 2016 without discovering the hack, the company said this week.
To this day, Marriott does not know whether the hackers were able to decrypt the stolen credit card information, creating a ticking time-bomb for guests and the card-issuing banks, it added.
“Despite the consequences, Marriott’s corporate response has been shockingly blasé in news reports, especially considering Marriott did not even know about the four-year-old 2014 breach until last week,” said Jeremy Samide, CEO of Stealthcare, a company that created the Zero Day Live, threat intelligence platform.
Bruce Croxon, co-founder of Round 13 Capital, agreed with Samide on the Marriott breach, telling Bloomberg; there’s a “whole new cadre” of security firms pitching a preventative, rather than a reactive, service. “Companies haven’t yet realized the need for getting ahead of these security compromises as opposed to merely patching breaches as they occur.”
Added Samide, “Marriott’s biggest failure — and they are not alone — was that their due diligence did not red flag the hack in advance when acquiring a third-party asset, in this case the Starwood brand.”
He pointed out that “healthcare, law firms, banking and a few other industries understand the impact on consumer and shareholder confidence when customer privacy is compromised. Marriott’s data breach typifies corporate cybersecurity complacency.
“However, the hospitality industry ought to fully understand the relationship between guest privacy and brand equity. Breaching the privacy of prominent guests, for example, is worse than discovering bedbugs. Sadly, the attitude in too many C-suites falls along the lines of ‘we’ll worry about it later.’”
Zero Day Live was engineered by an international cybersecurity think tank and artificial intelligence research initiative. It was built by cybersecurity experts, upgraded by hardcore hackers, and launched by Stealthcare as a cyber threat intelligence platform two years ago.
Headquartered in Cleveland with offices in Toronto and Los Angeles, the company specializes in zero-day threats, orchestration of existing security infrastructure, and cybersecurity risk advisory and consulting services.