Attack Case Study: Marriott International data breach

Attack Category

The Marriott International data breach can be classified as a sophisticated cyber attack in the category of targeted network intrusion. Attackers gained unauthorized access to Marriott's network by compromising employee credentials and then exploited vulnerabilities in the acquired Starwood Hotels and Resorts reservation system. The breach exposed sensitive customer information, which highlights the importance of implementing robust security measures, conducting thorough assessments during mergers and acquisitions, and promptly detecting and addressing network intrusions. According to IBM's X-Force Threat Intelligence Index 2020 report, attacks on network vulnerabilities in software and systems increased by 33% in 2019, indicating a growing number of potential entry points for attackers to exploit in networks and systems.

Company description

Marriott International is a multinational hospitality company based in the United States. It is one of the largest hotel chains globally, operating various brands and properties across different regions.

Summary of the security incident and data breach

In November 2018, Marriott International disclosed a significant security incident and data breach. The breach affected its Starwood guest reservation database, which contained personal information of millions of customers. The unauthorized access to the database started in 2014, but the breach was discovered in September 2018. The compromised data included names, addresses, phone numbers, email addresses, passport numbers, and in some cases, payment card details. The breach impacted approximately 500 million guests, making it one of the largest data breaches in history.
Marriott International took immediate action to investigate the incident, notify affected individuals, and cooperate with law enforcement agencies. The company faced scrutiny for its handling of the breach, including criticism about the delay in detecting the unauthorized access.

Timeline: Marriott International network intrusion

• 2014: The unauthorized access to Marriott's Starwood guest reservation database begins, allowing attackers to gain entry to sensitive information.
• September 2018: Marriott International discovers the data breach during an internal security review and realizes that the unauthorized access had been ongoing for a prolonged period.
• November 2018: Marriott International publicly discloses the data breach, notifying affected individuals and the general public about the incident.
• Scope of Impact: The breach affects approximately 500 million guests, exposing their personal information, including names, addresses, contact details, passport numbers, and some payment card information.
• Investigation and Response: Marriott International launches an investigation, working with cybersecurity experts and law enforcement agencies to assess the situation and respond to the breach.
• Ongoing Measures: Marriott International takes steps to enhance security measures, improve data protection, and prevent similar incidents in the future.

Vulnerabilities

Overall Summary

Marriott International suffered a major data breach in 2018; the unauthorized access lasted from 2014 to 2018. It exposed personal and payment card information of millions of guests. Marriott responded and notified affected parties. It is strengthening security measures. The incident led to regulatory scrutiny, fines, reputational damage, and legal action against Marriott.
Vulnerability #1 Summary

Inadequate Security Controls: There were weaknesses in the security controls and measures in place, allowing the unauthorized party to gain access to the Starwood guest reservation database.

Vulnerability #2 Summary

Insufficient Encryption: The compromised data, including payment card information, was not properly encrypted, making it easier for the attackers to access and exploit.

Vulnerability #3 Summary

Data Retention Practices: Marriott stored guest information from the Starwood database for an extended period, even after the acquisition

Vulnerability #4 Summary

Insufficient security measures or monitoring within the supply chain could have contributed to the breach.

Costs

• Financial Losses
• Legal Actions and Settlements
• Reputational Damage
• Loss of Customers and Revenue
• Operational Disruptions

Prevention

• Robust Security Controls Implementation
• Regular Security Audits and Assessment
• Encryption of Sensitive Data
• Strict Access Controls
• Employee Training and Awareness
• Third-Party Vendor Security: Conducting