Up to 500 million travelers could be compromised, as hotel chain Marriott International has announced a security breach in its guest database. Analysts recently alerted the firm to a vulnerability that has granted hackers access to the hotel chain's systems since 2014.
The firm announced that its Starwood Preferred Guest (SPG) loyalty program was compromised for an extended period, which left customers vulnerable. The exploit exposed critical guest information, including names, addresses, passport numbers, and dates of birth. Marriott also announced that an unknown number of customers had encrypted credit card details stolen in the attack. If you have been a member of Marriott's Preferred Guest Program or a customer of Marriott hotels in the past, you should take steps today to ensure your data security. By doing so, you can protect your finances, prevent identity theft, and defend your data from attackers looking to exploit an opportunity.
Secure Your Data
Changing your Marriott password should, of course, be the first step to protecting your accounts. Even more importantly, sites where that same password may have been reused should be updated with new credentials too. Hackers commonly try details stolen from one site to access popular services and pages. We encourage everyone to use a password manager to store their details for safe use in the future. A good password manager enables unique, random, and strong passwords to be used with ease for every single website. While we can't stop hacks on systems outside of our control, we can defend our other accounts from being accessed by criminals. With secure password management, a password stolen in a single hack cannot be used to get into your business services or related accounts.
Performing Damage Control
The damage to the Marriott International brand following news of the leak will undoubtedly be huge. At a minimum, they have lost the trust of their customers worldwide. Asking customers to leave their personal and financial details again to pay for goods and services will be no small feat.
The hack made front-page news as it broke, further damaging the firm's reputation among potential future customers too. As a result of a simple security attack, Marriott International will be forced into damage limitation to keep customers returning to the brand. This is why business security matters to us; when done right, it's cheaper by far. The total cost of this latest attack won't be known for years to come. The firm is vulnerable to lawsuits worldwide, in some cases liable for financial losses, and required to purchase identity monitoring and security services for affected customers. Business owners can learn from Marriott's costly lesson.
Protect Your Business and Your Customers
Any business can find its systems vulnerable to attack at some point. Whether the cause is a wait for updates, a newly released zero-day hack, or a malicious employee, responsible firms take steps to limit their liability.
As a rule, staff accounts should be locked to only the systems they regularly need to access. Similarly, customer data should only be open on an as-needed basis when a legitimate requirement exists. These steps, alongside systems and data monitoring, prevent a small-scale attack from resulting in an enormous data breach. Strong security enables customers to place and maintain their trust in a brand they can keep coming back to again and again.
Recent Scams Locally
A number of customers have contacted us recently regarding phone calls they have received from “Microsoft” saying that their “IP address has been hacked or compromised,” and that they need to let “Microsoft” resolve this immediately. In other cases, customers are being told that their antivirus is expired or not working. As usual, this is just another scammer trying to gain access to your personal details and devices. Under no circumstances should you give these callers any information whatsoever. Simply hang up. This latest batch seems to be rather persistent though and is often calling back repeatedly in an effort to gain access. While you may become aggravated with this behavior and wish to “teach them a lesson,” please remember that the best thing to do is simply hang up. If you wish to make a report of the incident, note the phone number(s) and file a complaint with the FTC here: https://www.ftccomplaintassistant.gov.
One of my favorite analogies to tell people when dealing with this kind of incident goes like this:
Picture yourself walking down the street, minding your own business, when a stranger runs up to you, grabs you by the shirt and says “I’m a doctor, you’re having a heart attack and we need to operate now!” You feel fine, but yesterday you had a minor headache, so you lie down on the sidewalk, hand your wallet to the stranger, rip open your shirt and say “Get it done doc!” Of course, this sounds ridiculous and you would never do such a thing in real life. If you really had a health problem, wouldn’t you call your regular physician or go to a real hospital? So why would you do this with your computer?
Don’t trust your computer to a stranger; get rock-solid computer help from your friends at Yellowstone Computing!