On Computer Security Day, Marriott International—the biggest hotel group in the world—revealed a massive data breach that affected 500 million guests who stayed in Starwood properties between 2014 and this September. Bloomberg reported that it may be one of the biggest such breaches in corporate history.
The information collected in the breach includes names, mailing addresses, phone numbers, passport numbers, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. Some credit card details were also stolen.
According to a press release from the hotel group, the company recently discovered that an unauthorised party had copied and encrypted information and taken steps towards removing it.
“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward,” said Arne Sorensen, president and CEO for Marriott, in a statement.
Here are some reactions from the weekend:
That was quick. There is already a class-action lawsuit against Marriott over the data breach pic.twitter.com/S4yHmk6jUL
— Dustin Volz (@dnvolz) November 30, 2018
Marriott may be the first #GDPR victim. In addition to costs of the breach itself, standard penalty for a data breach under GDPR is 4% of global revenue, which would mean something like $916 million in fines, based on 2017 revenue.
— Owen Lystrup (@owen_lystrup) November 30, 2018
this seems like an odd thing to have to confirm: https://t.co/HzZb5fUGhP
— Patrick Clark (@pat_clark) November 30, 2018
Marriott in July: We’re going to start putting handy listening devices in your hotel room!
Marriott in Nov: Oh No! We’ve had a 500m person data Breach.
I have questions about the terms of access to those hotel Echos. pic.twitter.com/AI3EObdA0I
— Simon McGarr (@Tupp_Ed) November 30, 2018
Hey @Marriott you sure you want @KrollWire handling your data breach? Their WebWatcher service can't even handle long passwords. pic.twitter.com/C30Ok1ySXh
— Greg Wells (@wellsgr) December 1, 2018
This #Marriott #spg data breach... pic.twitter.com/oZHTXeAUkF
— Levy ☀️ (@VectorAlong) December 1, 2018
I think this is the largest single breach since Yahoo's 500 million data breach. But Marriott isn't affected, as it had an entirely separate system when it bought Starwood Hotels in 2016. Marriott said "unauthorized access" began in 2014.
More here: https://t.co/6eS2yGAOxG pic.twitter.com/ukgJOqDvFD
— Zack Whittaker (@zackwhittaker) November 30, 2018