Marriott is hit again by a massive data breach, but it won’t be alone as criminals take advantage of vulnerabilities during the current global crisis for their own financial benefit

6 April, 2020

It was less than 18 months ago that Marriott International brought us news that a data breach of the Starwood guest reservation database extended back to 2014 and had impacted up to 500 million guests at its portfolio of hotels.

Last week, it revealed that contact details, loyalty account information, additional personal details, partnerships and affiliations and personal preference information may have been illegally accessed for 5.2 million guests from a property system.

The information was accessed through an application used by hotels operated and franchised under Marriott brands to provide services to guests. It says that at the end of Feb-2020, it identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property, starting from the middle of Jan-2020.

Upon discovery, Marriott says the login credentials were disabled immediately, and it began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests. Marriott also notified relevant authorities and is supporting their investigations.

For the previous data breach, it was alerted to an attempt to access the system on 8-Sep-2018 and an investigation concluded on 19-Nov-2018 that there had been unauthorised access to the system. Marriott says the “unauthorised party” copied and encrypted information and took steps toward removing it.

For up to 327 million of those 500 million in the compromised database, the information included some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences. An unidentified number of records also included encrypted payment card numbers and expiration dates.

But it is not just global brands that are at risk, but every one of us. In its latest advice for travel managers and business travellers on the COVID-19 pandemic, travel risk intelligence company Riskline acknowledged that security concerns such as service disruptions, strikes, protests and unrest, xenophobic attacks and surveillance may manifest as the crisis evolves in certain countries. But it also highlighted fraud and scams as a major concern.

It warned that criminals may attempt to exploit the pandemic as an opportunity to profit through scams, phishing attacks, malware and other forms of fraud, noting that approximately 3,600 new internet domains containing the word ‘coronavirus’ were created between 14-Mar-2020 and 18-Mar-2020. “Take common sense precautions for digital security, including verifying URLs and the source of message attachments before opening them,” it advised.

We are all vulnerable currently. Our routines have changed. We are anxious and stressed and face constant negative stories. We are also much more reliant upon using our home technology, which may not have the same levels of security as our office-based systems.

The UK’s fraud prevention agency Cifas reports a surge in coronavirus scams. Expanding on the figures from Riskline, it says there were 3,000 internet domains containing the word ‘coronavirus’ on 01-Mar-2020, but that had grown to more than 57,000 by 22-Mar-2020.
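The advice above, to verify URLs before acting on a message, can be turned into a simple screening check. The following is an added example and is not code from the article, Riskline or Cifas. It extracts links from a message body, flags hostnames that carry a pandemic keyword (the pattern both organisations describe in the domain statistics), flags punycode hostnames, and flags links whose visible text shows one site while the href points to another. The allow list `TRUSTED_DOMAINS`, the keyword list and the sample message are all constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample message body (not a real phishing email): one disguised
# grant link, one genuine guidance link and one internal document link.
SAMPLE_MESSAGE = """
Dear colleague,
Apply for your support grant here: <a href="http://grants-coronavirus-relief.example">https://www.gov.uk/coronavirus</a>
Official guidance: https://www.gov.uk/coronavirus
Team update deck: https://intranet.example.com/covid-update.pdf
"""

# Matches http(s) URLs in plain text and inside HTML attributes or anchor text.
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
# Matches <a href="...">text</a> so the visible text can be compared with the target.
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>([^<]*)</a>', re.IGNORECASE)

# Keywords the article reports being used in newly registered domains.
DEFAULT_KEYWORDS = ("coronavirus", "covid")
# Hypothetical allow list of domains the organisation already trusts.
TRUSTED_DOMAINS = {"gov.uk", "example.com"}


def hostname_of(url):
    """Return the lower-cased hostname of a URL, or '' if it has none."""
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def is_trusted(host, trusted):
    """True if host equals or is a subdomain of an allow-listed domain."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def flag_suspicious_links(text, keywords=DEFAULT_KEYWORDS, trusted=TRUSTED_DOMAINS):
    """Return a list of (hostname, reason) findings for links in a message."""
    findings = []
    seen = set()

    # Check 1: untrusted hostnames that contain a pandemic keyword or use punycode.
    for url in URL_RE.findall(text):
        host = hostname_of(url)
        if not host or host in seen:
            continue
        seen.add(host)
        if is_trusted(host, trusted):
            continue
        hits = [k for k in keywords if k in host]
        if hits:
            findings.append((host, "hostname contains %r" % hits[0]))
        if host.startswith("xn--") or ".xn--" in host:
            findings.append((host, "internationalised (punycode) hostname"))

    # Check 2: anchor text that displays a different site from the real target.
    for href, label in ANCHOR_RE.findall(text):
        href_host = hostname_of(href)
        label_urls = URL_RE.findall(label)
        if not label_urls:
            continue
        label_host = hostname_of(label_urls[0])
        if label_host and href_host != label_host:
            findings.append(
                (href_host, "link text shows %s but points to %s" % (label_host, href_host))
            )
    return findings


if __name__ == "__main__":
    for host, reason in flag_suspicious_links(SAMPLE_MESSAGE):
        print("SUSPICIOUS %-40s %s" % (host, reason))
```

The allow list is deliberately conservative: a trusted domain suppresses the keyword check (the genuine guidance page also contains “coronavirus” in its path), but a mismatch between visible text and target is always reported, because that is the disguise the article's HMRC and “IT department” examples rely on.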

The UK’s home workers are already plagued with regular calls from individuals purporting to be internet service providers and threatening to shut off their Wi-Fi. For the increasing number now also working from home, under both work and home stress, it is easy to be fooled into sharing personal and even financial information.

Cifas says it has also seen an increase in emails from fraudsters impersonating CEOs or IT departments asking employees for access to their device and to share their screen information. Once they gain access, criminals are subsequently stealing banking and personal information.

Emails and texts purporting to be from government departments, including HMRC, offering grants and advice for workers and business owners affected by the coronavirus pandemic are also in circulation. These usually ask for personal data or contain a link that, once clicked, downloads malware onto the person’s device.

Fraudsters are always looking for new opportunities to steal money and information, but there is a great deal of evidence to show that they are specifically targeting homeworkers and preying on their anxiety during the coronavirus crisis, explains Mike Haley, CEO of Cifas.

“Employees working from home need to take a moment to stop and think before responding to any request for personal or financial information, even if they believe it is coming from their employer. Don’t be afraid to challenge a request if you cannot confirm it is legitimate, and remember that only criminals will try to rush or panic you into a decision,” he advises.

While we may be concerned that a major brand is reporting another data breach, more than ever we also need to be hyper-vigilant of fraudulent activity and not let criminals take advantage of our fear during this difficult time.