Marriott International acquires data breach
The world’s biggest hotel company Marriott International has announced that up to 500 million guest records may have been exposed in a data breach targeting the Starwood Hotel part of the business.
The breach was caused by unauthorised access to Starwood’s database, which happened in 2014, resulting in the names, phone numbers, and passport numbers of 327 million customers being put at risk. Payment details of some customers may also have been exposed.
Since Marriott International acquired Starwood Hotels for $14bn in 2016, this story highlights the need for thorough cyber due diligence during the M&A process.
Ollie Whitehouse, global chief technical officer at NCC Group, commented: “Marriott should have identified this breach through their cyber due diligence of Starwood in 2016 when it acquired the company. As result of buying a breach they will face a number of challenges at a board level around the levels of governance and diligence within the business. Had it performed a detailed compromise assessment as part of its due-diligence activity, the organisation’s board would have been informed of the breach and been able to make a decision based on risk or put other warranties in place.
“Since the compromise started in 2014, the breach doesn’t fall under the remit of GDPR. However, the fallout would be incredibly severe under this regulation, and therefore any organisation looking to undergo an M&A deal now or in the future should learn from this example and ensure a comprehensive cyber security and compromise assessments are carried out to inform their understanding of risk.”
About NCC Group
NCC Group exists to make the world safer and more secure.
As global experts in cyber security and risk mitigation, NCC Group is trusted by over 15,000 clients worldwide to protect their most critical assets from the ever-changing threat landscape.
With the company’s knowledge, experience and global footprint, it is best placed to help businesses identify, assess, mitigate and respond to the evolving cyber risks they face.
To support its mission, NCC Group continually invests in research and innovation, and is passionate about developing the next generation of cyber scientists.
With over 1,800 colleagues in 12 countries, NCC Group has a significant market presence in North America, continental Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia and Singapore.