Marriott Data Breach: Impact and Prevention
Added on 2023-01-10
6 Pages1591 Words48 Views
|
|
|
Law of internet
TABLE OF CONTENTS
Marriott data breach.........................................................................................................................3
Target of the breach....................................................................................................................3
Perpetrator...................................................................................................................................3
Type and volume of data taken...................................................................................................4
Risks to those whose data was compromised.............................................................................4
Timeliness and adequacy of the response...................................................................................4
Liability of the target to the victims............................................................................................4
Other damage to the target and individuals.................................................................................4
Any way to avoid similar future incidents..................................................................................5
Marriott data breach.........................................................................................................................3
Target of the breach....................................................................................................................3
Perpetrator...................................................................................................................................3
Type and volume of data taken...................................................................................................4
Risks to those whose data was compromised.............................................................................4
Timeliness and adequacy of the response...................................................................................4
Liability of the target to the victims............................................................................................4
Other damage to the target and individuals.................................................................................4
Any way to avoid similar future incidents..................................................................................5
Marriott data breach
In the year 2018, the Marriott hotel chain announced that its one of the reservation system
has been hacked and hundreds of millions of the details of its customers records which includes
credit card details, passport number and other important information has been exfiltered by the
attackers. The below points provides the complete information about this cyber attack.
Target of the breach
The attackers had encrypted and attempted and is also being successful in removing the
data from its Starwood systems. In November, the hotel managed to decrypt the data and
identified that the information included from up to 500 million customers records. The breach
includes reservation base for Marriott's Starwood brands, which involves the Westin, Sheraton,
St. Regis, and W hotels.
Perpetrator
The mass theft is mainly associated with the cybercriminals with the aim of performing
identity theft or use the stolen credit cards numbers. The information is not confirmed by as per
the information stated in the New York Times and Washington Post, the US government has
pointed at the hackers employed by the Chinese intelligence services (Wang, 2020). Also, the
attackers have used cloud hosting space which is majorly used by the Chinese hackers. Another
aspect that point that the breach was a government attack instead of just cybercriminals as none
of these valuable data has been put on sale on the dark web. Through investigation, it was
discovered that a Remote access Trojan known as RAT has been used along with MimiKatz
which is a tool used for getting the username and password both together in a system memory.
These two tools in combination have given the attackers control over the administrator account
but its is not clear how RAT has been placed into the Starwood server however, such trojans can
be even downloaded from the phishing emails and it is considered to be the reason or a guess that
might have been the case in this.
The government sources speculates it is the part of Chinese effort to gather the massive
amount of data on American government employees and other officers. Since, Marriott is the top
hotel chain in US and service provider for government and military. The data stole in respect to
the credit card numbers could be for the purpose of tracking the movements across the world.
The biggest goal could have been that creating a pool of information on US government officials
and employees so that big data techniques can be used on it to analyse it.
In the year 2018, the Marriott hotel chain announced that its one of the reservation system
has been hacked and hundreds of millions of the details of its customers records which includes
credit card details, passport number and other important information has been exfiltered by the
attackers. The below points provides the complete information about this cyber attack.
Target of the breach
The attackers had encrypted and attempted and is also being successful in removing the
data from its Starwood systems. In November, the hotel managed to decrypt the data and
identified that the information included from up to 500 million customers records. The breach
includes reservation base for Marriott's Starwood brands, which involves the Westin, Sheraton,
St. Regis, and W hotels.
Perpetrator
The mass theft is mainly associated with the cybercriminals with the aim of performing
identity theft or use the stolen credit cards numbers. The information is not confirmed by as per
the information stated in the New York Times and Washington Post, the US government has
pointed at the hackers employed by the Chinese intelligence services (Wang, 2020). Also, the
attackers have used cloud hosting space which is majorly used by the Chinese hackers. Another
aspect that point that the breach was a government attack instead of just cybercriminals as none
of these valuable data has been put on sale on the dark web. Through investigation, it was
discovered that a Remote access Trojan known as RAT has been used along with MimiKatz
which is a tool used for getting the username and password both together in a system memory.
These two tools in combination have given the attackers control over the administrator account
but its is not clear how RAT has been placed into the Starwood server however, such trojans can
be even downloaded from the phishing emails and it is considered to be the reason or a guess that
might have been the case in this.
The government sources speculates it is the part of Chinese effort to gather the massive
amount of data on American government employees and other officers. Since, Marriott is the top
hotel chain in US and service provider for government and military. The data stole in respect to
the credit card numbers could be for the purpose of tracking the movements across the world.
The biggest goal could have been that creating a pool of information on US government officials
and employees so that big data techniques can be used on it to analyse it.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents