On July 5 local time, databreathes, a US data security website, revealed that Marriott Hotel Group had encountered another major data security incident recently.
According to databreaches, this data security incident occurred a month ago, involving about 20GB of user data, including personal privacy information such as hotel guest credit cards.
It is reported that Marriott has confirmed the occurrence of data leakage.
This is not the first time Marriott has suffered a data leak.
In December, 2018, the official Weibo of Marriott group announced that a room reservation database of its Starwood hotel was hacked, and 500 million user information may have been leaked.
At that time, this matter immediately became the focus of many people’s attention, because this data leak can be called the second largest company user leak in history after Yahoo’s 3billion user information leak in 17 years.
In the statement submitted by Marriott to U.S. regulators, it was mentioned that unauthorized access to the database had been detected on or before September 10. Specifically, the disclosure can be traced back to 2014.
“An unauthorized third party has copied and encrypted some information and taken measures to try to remove it. On November 19, 2018, Marriott International successfully decrypted the information and determined that the content of the information came from Starwood guest reservation database“
In addition, it did not disclose more specific details of hacking. However, network security experts have said that the acquisition of Starwood in 2016 may leave hackers quietly in Starwood’s database.
After that, Marriott International fell more than 5% before the US market.
After the incident, Marriott took the initiative to disclose its data leakage, which seemed to be a courageous move at that time. It is reported that Marriott established a special help website for the affected users and provided a helpline.
In that data leak, there were more than 500 million customers’ information, of which 327 million users’ information included name, mailing address, phone number, e-mail address, passport number, SPG Club account information, date of birth, gender, arrival and departure information, reservation date and communication preference, etc. Even some customers’ information includes payment card number and validity period of payment card.
However, it is reported that the payment card number has been encrypted by the advanced encryption standard (AES-128). Decrypting the payment card number requires unlocking two keys. At present, Marriott International cannot rule out whether the third party has mastered these two keys.
After the incident, a reporter commented that although this was not the largest data leak, the situation this time was also very bad. Even if the payment card information has been encrypted, the company also believes that the key may be stolen.
Until 2020, the impact of this data leak continues. According to Reuters, Marriott suffered losses due to the massive disclosure of customer data, and is facing a class action lawsuit initiated by millions of former customers in London.
Nowadays, the wave of cloud computing and big data has swept the world, and enterprises and governments are continuing to migrate to cloud platforms, including national key industries focusing on science and technology, finance, industrial manufacturing and government affairs, which are paying close attention to the layout of digitalization. With the widespread trend of “going to the cloud”, while bringing convenience to enterprises and governments, data security on the cloud is also challenged. No matter which industry, enterprises will generate data in production and operation.
According to the analysis and Research Report of IBM and Ponemon Institute based on more than 500 enterprises that have truly experienced data leakage in 17 countries around the world, the average cost of a single data leakage event of enterprises suffering from data leakage in 2021 was $4.24 million, an increase of 10% over 2020. With the diversity of hacker methods, the cost will increase exponentially in the future.
In addition to the loss of property, the loss caused by the loss of customer trust and the negative impact on the corporate image is even more difficult to estimate.
In the future, how to deal with such problems in the hotel industry has become the focus of the digital direction of the hotel group. How to build a firewall for data security? Can we actively monitor all aspects and conduct threat early warning analysis in advance? Both are urgent matters that should be considered in the industry.
In this context, how should enterprises ensure data security? Vinchin Backup & Recovery allows you to restore the entire virtual machine and all of its data from any restore point (full, incremental or differential backup) without affecting the original backup data. Backups that have been deduplicated or compressed can be restored. This is a great solution for ensuring business continuity and minimizing critical business interruptions caused by a disaster or system failure.
You can also quickly check the availability of backup data by instantly restoring a target VM to a remote location in minutes. Ensure that in the event of a true disaster, all VMs can be recovered and the data they contain won’t be lost or corrupted. Vinchin offers solutions such as VMware backup for the world’s most popular virtual environments, XenServer backup, XCP-ng backup, Hyper-V backup, RHV/oVirt backup, Oracle backup, etc.
