In late 2018, the Federal Trade Commission (FTC) issued a stark warning about a massive data breach at a Marriott chain that exposed the records of 500 million people.
The latest major corporate breach reinforces the need for companies to invest in multilayered security protocols that protect networks, devices and users.
What Happened at Marriott?
Marriott International reported that a breach of its Starwood guest reservation system exposed personal information on millions of people, Hackers gained access to highly sensitive data, including names, physical addresses, email addresses, phone numbers, gender, and loyalty program data. Among the most potentially damaging information taken were passport numbers, dates of birth and payment card numbers and expiration dates. While the payment card data was encrypted, the company did not know if the hackers had also stolen the technology needed to decrypt that information.
The breach began in 2014 and could affect anyone who made a reservation on or before September 10, 2018, at any of the Starwood brands, which comprise Le Meridien Hotels and Resorts, Sheraton Hotels and Resorts, St. Regis, W Hotels and Westin Hotels and Resorts.
How Did Marriott and the FTC Respond?
Marriott sent an email to warn those who may have been affected by the breach. However, the company ran into some criticism in its response, too.
The emails came from a third party and not the chain itself. The domain, email-marriott.com, doesn’t load or have an HTTPS identifying the certificate. That could lead other hackers to spoof the email and pretend they’re Marriott, duping consumers out of more personal information.
The company has offered a year’s worth of free internet site monitoring that generates an alert if evidence of a consumer’s personal information is found. However, the service is not available in all countries. U.S. consumers also can obtain free fraud consulting and reimbursement coverage.
The FTC encouraged consumers to check their credit reports and credit card statements for accounts or activity that’s not recognized. The agency also suggested placing a fraud alert or freeze on their credit reports.
What Can Companies Do To Prevent These Issues?
To ensure that your systems and networks are protected adequately from such intrusions, it’s wise to invest in a comprehensive assessment of your existing security defenses. An experienced IT services provider can assist with this assessment and recommend improvements to shore up areas that are lacking.
Today’s companies need a blanket of protections on several levels, including:
This broad approach to security helps minimize the likelihood of a Marriott-level incident damaging your company’s business and reputation.
Thanks for helping us upgrade our Macs and get them working exactly as our business needs! Fast, convenient and very knowledgeable! You’re the best!
Alary Technologies has been our IT support team for the past year at the START Clinic for Mood and Anxiety Disorders. They have done a excellent job in upgrading our system, organization, and supporting us in technical computer matters. Compared to other IT companies we have worked with, Alary Technologies comes on top. Ahmed Kufaishi the Managing Director at Alary Technologies is solution focused, knowledgeable and makes an effort to really understand his clients’ needs. It has been a pleasure to work with Ahmed and Alary Technologies. I would recommend their services to other companies and clinics.
“We continue to work with Alary Technologies due to the fact that they are quite educated and knowledge based with current upgrades, and their commitment to their customers.”
Ahmed has been providing our company with expert IT services for close to 3 years. He has guided us through hardware upgrades, server back up procedures and was instrumental in brokering a custom software program that fully automated some key functions in our business. Ahmed has always been thoroughly professional in all his dealings with us and has provided consistent and sound advise for all of our IT requirements. We consider Ahmed and Alary Technologies to be an important partner for our business.
It is refreshing to work with someone who can organize things and describe in plain language. I have a large and growing knowledge base for my work as an architect. I have realized that I can’t do everything, that I do need a team member who can look after this one relatively small by crucial part of my practice.