Banks sucked into Marriott’s massive data breach
The four-year-long data breach at the hotel chain Marriott has turned into a very unwelcome guest for many banks.
Marriott says there was a data security incident involving the Starwood guest reservation database. You can imagine the type of guest information involved – bank details, credit cards etc.
However, don’t check out of this story just yet as Marriott says it learned during the investigation that there had been unauthorised access to the Starwood network since 2014.
Marriott has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests.
For around 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, account information etc.
For some, the information also includes payment card numbers and payment card expiration dates.
Comments and emails about this event have been invading my inbox all day. One will suffice.
Bimal Gandhi, CEO, Uniken, says: “Events like this Marriott Starwood breach underscore the sheer folly of continued reliance on outdated security methods such as using PII [personally identifiable information] in authentication, given the sheer proliferation of stolen and leaked PII now available on the Dark Web.”
Anyway, the investigation is ongoing and naturally the event has dragged in the world of banks and payments.
On Twitter, Starling Bank says: “At this point we think the financial fraud risk to our customers is low. We’re keeping an eye on things and will provide updates.”
Monzo, Revolut and others had similar messages. At the moment they all have to play a waiting game – tinged with vigilance.
You may recall the September incident, when in the wake of the British Airways (BA) data breach, UK banks flew into action to deal with potential banking and payments issues.