In November 2018, we wrote an article on Marriott’s first data breach when the hotel giant found out that there had been unauthorized access to the Starwood guest reservation database 2014. That unauthorized party had copied and encrypted information and took steps toward removing the data on 383 million guests.

The 2018 data breach was the result of a failed cloud security strategy during the Marriott-Starwood Merger. A few weeks ago, Marriott confirmed a second data breach involving the personal information on 5.2 million guests. This time, hackers obtained the login details of two employees and breached an unspecified property system at a franchise hotel. 

It’s been a rough three years for Marriott’s cloud security, made even worse as European authorities issued Marriott with a fine of $123 million as a result of the breach.

As we said in 2018:

We are living in a world where there are hundreds of thousands of people around the globe continuously (whose job it is even) trying to exploit vulnerabilities. Regardless of how the breach occurs, typically, it’s because of an approach to compliance that is manual and periodic rather than continuous. Inevitably, that creates a cycle of being in and out of compliance.  The problem is that even a brief lapse in compliance opens up a window that can and will be exploited. When you don’t achieve continuous compliance through monitoring and automated remediation, then it’s only a matter of time before you join the growing list of companies who have to explain to their customers that their information has been compromised.

Interested in learning more? Get your free trial of DivvyCloud and speak with a DivvyCloud expert today!

Similar resources that you may also enjoy


Why Identity Access Management is the New Perimeter

Evaluating and managing cloud security risk during the Mergers… 

View all Blog Posts

Augmenting Native Cloud Service Provider Security

Most organizations already have some level of cloud infrastructure… 

View all Blog Posts

Is Your Mercedes Leaking?

Information Security Buzz reported findings from a security researcher,… 

View all Blog Posts