The recent Marriott data breach risked the privacy and creditworthiness of a half-billion guests who have stayed at the hotel chain since 2014, including those who booked through the Starwood reservation system that includes St. Regis, Westin, Sheraton and W Hotels.
While Starwood had been breached in 2014, Marriott bought trouble when it acquired the brand in 2016 without discovering the hack.
To this day, Marriott does not know whether the hackers were able to decrypt the stolen credit card information, creating a ticking time-bomb for guests and the card-issuing banks.
“Despite the consequences, Marriott’s corporate response has been shockingly blasé in news reports, especially considering Marriott did not even know about the four-year-old 2014 breach until last week,” said Jeremy Samide, CEO of Stealthcare, a global cybersecurity firm that created the Zero Day Live threat intelligence platform, which “would have detected the threat and immediately mounted a defense to protect guest privacy.”
Bruce Croxon, co-founder of Round 13 Capital, agrees with Samide on the Marriott breach, telling Bloomberg there’s a “whole new cadre” of security firms pitching a preventative, rather than a reactive, service. “Companies haven’t yet realized the need for getting ahead of these security compromises as opposed to merely patching breaches as they occur.”
Added Samide, “Marriott’s biggest failure—and they are not alone—was that their due diligence did not red flag the hack in advance when acquiring a third-party asset, in this case, the Starwood brand.”
Hospitality Industry privacy standards failure
Samide emphasized, “Healthcare, law firms, banking and a few other industries understand the impact on consumer and shareholder confidence when customer privacy is compromised. Marriott’s data breach typifies corporate cybersecurity complacency. However, the hospitality industry ought to fully understand the relationship between guest privacy and brand equity. Breaching the privacy of prominent guests, for example, is worse than discovering bedbugs. Sadly, the attitude in too many C-suites falls along the lines of ‘we’ll worry about it later.’”
Marriott’s stock fell nearly 6% on news of the breach and has so far only recovered half the loss. What’s more, Murphy, Falcon & Murphy, with their co-counsel Morgan & Morgan, has filed a national class action lawsuit against Marriott. The lead attorneys are claiming the 5,700-property hotel chain “failed to ensure the integrity of its servers and to properly safeguard consumers’ highly sensitive and confidential information.”
Zero Day Live was engineered by an international cybersecurity think tank and artificial intelligence research initiative. It was built by cybersecurity experts, upgraded by hardcore hackers, and launched by Stealthcare as a cyber threat intelligence platform two years ago.
Samide explained, “Our goal was to far exceed ordinary cybersecurity vendors that merely provide access to information. We wanted to offer anticipatory, content-based customized intelligence and succeeded with Zero Day Live. We deliver daily predictive analytics to our clients of impending threats and provide the countermeasures to prevent the loss of data worth millions of dollars, intellectual property, reputation and financial assets.”
Stealthcare has changed the paradigm in cybersecurity from defence to offence through early warning and threat assessment that relies on machine learning and human intelligence, giving clients the tools they need to respond quickly and effectively to the most sophisticated cyber attacks.
Cybersecurity trade magazine Riskemy recently reported that Zero Day Live “spotted early warning signs of massive cyberattacks, including the WannaCry ransomware of 2017, the 2016 Dyn cyberattack, and attacks on both the Democratic and Republican National Committees that began in 2015.”