When planning for a holiday, data breaches, IT security, and cyber-attacks are not the first thing that comes to your mind. However, the hospitality sector has been affected by different security flaws, and the latest data violation is affecting the popular hotel group.
Marriott International has announced that the records of 500 million customers had been affected by a data breach.
The hotel chain said how this breach was within the database of its Starwood division that consisted of Sheraton, L W Hotels, e Meridien and Four Points by Sheraton.
As per an internal investigation, the attackers had access to the network since 2014.
How it happened and was accessed
An internal security tool had alerted Marriott that the database was evaluated by an unofficial party. Due to this reason for investigating the issue, it was ultimately found that the data had been copied and encrypted.
Experts working in IT support agency in London said, the database has the record of nearly 500 million customers and is believed that the information stored was the combination of:
- Phone numbers
- Email addresses
- Dates of birth
- Passport numbers
- Account information
- Arrival and departure information
Besides, encrypted payment details and encryption keys were stolen.
About the consequences
Marriott International has reported this breach to the authorities and notified those affected customers.
They will have to abide by the EU’s GDPR rules for affected customers in the area of Europe.
It is very early to inform me about any fine that they may receive. In the past, Hilton Hotels had received a large fine of £525k for risking almost 363k accounts in two credit card data breaches.
However, in various data breach cases, scammers have sent emails by pretending to be from the affected party. Due to this reason, the hotel group has made it clear that no emails will be sent out with attachments or requesting any information.
How data breaches can affect business
The UK’s Department for Digital, Culture, Media and Sport’s Cyber Security Survey 2018 has noted that more than 4 in 10 businesses experienced a data breach in the last 12 months.
Professionals of a reputed IT support company in London have found, only 3 in 10 businesses have a formal or structure in place or cybersecurity policy. The maximum proportion of data breaches was in the Financial/ Insurance Sector in the last 12 months.
Why businesses seem to invest in cybersecurity
- 47% invest to keep the data of customers secured
- 23% invest to protect intellectual property, trade secrets, or other assets like cash
- 19% invest for business continuity to avoid downtime
- 16% invest to prevent theft or fraud
How much money a business invests on an average
The average level of investment varies for different industries. Since each business has their specific needs, some of them might choose to invest more than the others.
Financial Services/Insurance invests heavily in security to meet with the compliance regulations.
According to UK data of more than 800 companies, in the last financial year starting from April 2017 – March 2018, the average investments by the business sector have been discussed below:
- Hospitality/food £900
- Finance/ Insurance £17,900
- Admin/Real Estate £1,860
The cost of not investing is much greater for small businesses. Having GDPR in its place, that fines may reach by almost 4% of your yearly turnover.
What you can do to prevent a data breach
- Maintain backup of your data daily with off-site automated backups
- Choose strong passwords and another method for authentication
- Invest in cyber security training for the employees
- Take a practical stand towards technology management
- Encrypt your business data
- Invest in the latest technology to stay protected
If you have any questions related to the security, write in the comment box.