Description of the Breach
Marriott International is an American global diversified hospitality enterprise that administers and franchises a wide range of hotels and associated residential facilities and incorporates many well-known hotel brands, including Sheraton and W Hotels. The Marriott-Starwood data breach, which occurred from 2014 to 2018, declared that the personal data of about 500 million of their customers was corrupted. Data breaches are a serious issue to consider that leads to financial and sensitive data loss, as well as jeopardizes customers’ privacy and essential information infrastructure.
Abuse Techniques
The unauthorized access to customers’ data was processed in 2014. The situation was compounded by the fact that the data hacking or unauthorized taking of personal information was fully revealed only after four years of its beginning. Furthermore, it was not entirely clear what type of personal information was compromised, which means that those affected may be open to different forms of identity fraud.
Considering the data-dependent nature of the tourism industry, hotels, airlines, and other corporations contain personal customer information as a “convenience to guests and as a way of being more efficient” (Tarlow 2). This implies keeping clients’ credit card numbers on file, as well as using passports and driver’s licenses as evidence of personal identity. Therefore, the Marriott-Starwood data breach functions as a caution for the overall tourism sector.
Damages
The breach was announced in November 2018 and included compromised guests’ names, mailing addresses, phone numbers and emails, SPG (Starwood Preferred Guest) account information, as well as arrival and departure information, and reservation data. The breach corrupted even highly important personal information, such as passport number, birth dates, gender, and communication preferences. Moreover, for some people, the data affected involved encrypted payment card numbers and payment card termination dates.
Consequences
When a customer’s trust is being undermined, then the long-term outcomes of the tourism industry might become fatal. This implies the case when one is no longer confident that his or her personal information is safe and can be accessed only by a limited number of personnel. As described by Tarlow, this unfortunate breach of the Marriott hotel Starwood brand database, which led to the loss of personal records by nearly 500 million people, “serves as another example that the world of tourism security is fast-changing” (2).
Taking into account the instability of cybersecurity, there are two critical issues, such as maintaining privacy for personal information and the travel and tourism industry measures in case of a data breach. Even though the tourism and travel industry significantly invested time and money in cybersecurity, there is no guarantee for complete data privacy at present. The absence of total security in the physical world promotes an identical situation in the cyber world. The cybersecurity concerns are as crucial as the ones of cyber crisis management, which is a vital aspect in controlling customers’ confidence and loyalty.
Remedies
According to Ayaburi et al., following the reservation system breach, the Marriot hotel chain provided its guests with fraud-detecting service, a defense technology that pursued ensuring security guarantees for its customer base. In addition, Fox reported that the company established a dedicated help website for the victims and also operated a free helpline (par. 18). Tarlow developed several suggestions on cyber crisis management, such as having a plan, telling the truth, working to rebuild confidence, and revealing the helping measures (4). Other suggestions include providing information about data protection to travelers and good salaries for the security workers.
Works Cited
Ayaburi, Emmanuel W. et al. “Post Data Breach Use of Protective Technologies: An Examination of Users’ Dilemma.” HICSS, Proceedings of the 53Rd Hawaii International Conference on System Sciences, 7 January 2020, pp. 4247–4255.
Fox, Chris. “Marriott Hack Hits 500 Million Guests“. BBC News, 2018. Web.
Tarlow, Peter. “The Human Side of Cyber Security Breaches.” International Journal of Safety and Security in Tourism/Hospitality, vol. 16, 2017, pp. 1–5.