Industry Update
Opinion Article 4 December 2018

I feel sorry for Marriott…

By Terence Ronson, Hospitality Professional, Technology Consultant, Public Speaker and Inventor


Unless you've been hiding under a rock over the last few days, you would have undoubtedly heard of the recent breaking news story which has had a tsunami-like effect on the hotel industry… Marriott [to include Starwood and all its subsidiary brands] got hacked, and allegedly, data involving some 500 million guests were exposed.

THAT'S AWFUL - but in all honesty, it was an accident waiting to happen.

All of the major robberies, and with this I include hacks who embark on unapproved removal of an asset - successful or failed, have focused on BIG targets - whether it be the US elections, Beyoncé's jewels, banks, Brinks trucks, the Royal Mail train in 1963, UBER, Hyatt, Target, Home Depot, Cathay Pacific, Dunkin Donuts, USPS, DELL, EMC, Yahoo, or an Apple Store. These are all high-profile targets which have been like honeypots to these felons. Marriott, which now includes Starwood, has grown so huge, it inadvertently put itself firmly and squarely in their sights and became a sitting target. It was really just a matter of time before the inevitable happened - and they would be hit.

Sadly, but not surprisingly, we live in a world which is also unfortunately populated by people with malicious intent who either do this for kicks or are commercially driven based on the potential value of the data which can be sold or exchanged for crypto on the dark web. One may even be tempted to classify this event as an act of cyberterrorism or espionage. And let's not forget the lawyers - the wolves at the door [aka Ambulance chasers], just waiting to lay stake to a class action claim. It's a sad reality - and so I feel sorry for Marriott.

As a Consultant to the industry, [and in full transparency, I have done work for Marriott so I have had a close perspective on how they operate], I know for a fact that this hotel group and so many other companies go to great lengths and expense to exercise duty of care and use their best endeavors to protect the data given to them for safekeeping so they can provide the best services to their clients. They constantly implement and update hardware defenses, employ tokenization and various encryption protocols for PCI DSS compliance as well as perform extensive vetting of software and hardware vendors, hosting/cloud providers and employees who handle the data. And while we are on the subject of vetting prospective vendors, look at the recent hoo-hah surrounding Huawei and the position some governments took in regard to using them for their 5G data networks.

Some of the data collected by hotels are for Government compliance, and some for marketing purposes - but the overarching reason is to provide great personalized service. The heavy burden of keeping that data safe is only compounded by government legislation imposed in certain countries and jurisdictions, which add yet another layer to the firewall - one of those being the recent GDPR [General Data Protection Regulation] introduced in Europe on 25th May 2018. I'm very sure more jurisdictions will follow to include the Cybersecurity laws of China, and who knows what Brexit may bring if they install physical borders for the movement of people, then it's almost foreseeable, data flow controls will follow.

But the inevitable reality is that there will be individuals, corporations, some possibly state-sponsored, lurking in the dark with evil intent. Do you really stand a chance against them and their specialized tools? As fast as the security device companies find a new way to secure or encrypt data - someone cracks it with some kind of wizardry or an even bigger hammer. We've seen many instances where companies such as Apple have released a new version of a software, only to have it cracked the next day - and so the process of closing that breach has to happen with panic-stricken Elves working overtime. Don't kid yourselves, this is a full-time problem internally and externally - akin to shoring dikes when flooding occurs. Once you sandbag part of the wall, another crack appears and so on.

For the last forty years, hotels have, albeit gradually, embraced technology to help process, control and digest the enormous amounts of personal and transactional data that pass through their walls, with one major element being Central Reservations [CRES], often with GDS connections. Some of these systems have been around for a very long time and could probably do with an upgrade - maybe utilizing Blockchain. When people make bookings - we use that data to allocate accommodation, provide various services, and associated logistics. The technology came with a promise to make things better - it was to enhance manpower, provide faster and more accurate access to data, and let's not forget, deliver personal service - every Hotelier's dream, by matching the guest's expectation. However, when you collect something valuable like terabytes, petabytes or even zettabytes of personal data about people - that's such an attractive honeypot.

I am hopeful that the data forensics team will comb through any crumbs or fingerprints that may have been left behind - and do whatever it takes to seek out and bring the infiltrators to justice.

One has to ask oneself - Is there a solution? Well, I for one, don't have an answer for this - I suspect though it will get worse before it gets better, and that's a sad fact also. The more data we expose, be it to places like Hotels or on Social Media, the more likely it will be targeted and used for dastardly purposes and so I repeat myself when I say, "I feel sorry for Marriott" and I can feel other hoteliers thinking - "there but for the grace of God, go I".

But as is often the case, we need a disaster to happen before things get fixed and so hopefully, this will be a loud enough wake-up call for technology suppliers, governments and industry bodies to find a solution. And to these entities - I throw down my gauntlet.

© 4th December 2018
