In November 2018, we wrote an article on Marriott’s first data breach when the hotel giant found out that there had been unauthorized access to the Starwood guest reservation database 2014. That unauthorized party had copied and encrypted information and took steps toward removing the data on 383 million guests.
The 2018 data breach was the result of a failed cloud security strategy during the Marriott-Starwood Merger. A few weeks ago, Marriott confirmed a second data breach involving the personal information on 5.2 million guests. This time, hackers obtained the login details of two employees and breached an unspecified property system at a franchise hotel.
It’s been a rough three years for Marriott’s cloud security, made even worse as European authorities issued Marriott with a fine of $123 million as a result of the breach.
As we said in 2018:
We are living in a world where there are hundreds of thousands of people around the globe continuously (whose job it is even) trying to exploit vulnerabilities. Regardless of how the breach occurs, typically, it’s because of an approach to compliance that is manual and periodic rather than continuous. Inevitably, that creates a cycle of being in and out of compliance. The problem is that even a brief lapse in compliance opens up a window that can and will be exploited. When you don’t achieve continuous compliance through monitoring and automated remediation, then it’s only a matter of time before you join the growing list of companies who have to explain to their customers that their information has been compromised.
Interested in learning more? Get your free trial of DivvyCloud and speak with a DivvyCloud expert today!