Case Study - 2018marriott
Category: forms. Going forward with any of these actions could lead to the
installation of malware on the victim’s computer, the freezing of the
system as part of a ransomware attack or the revealing of sensitive
information.
A 2020 annual internet crime report, released by the FBI, reveals that
phishing was the most common type of cybercrime in 2020—and
phishing incidents nearly doubled in frequency, from 114,702
incidents in 2019, to 241,324 incidents in 2020.
The FBI said there were more than 11 times as many phishing
complaints in 2020 compared to 2016.
Company description: Marriott International was founded in 1927 by John Willard Marriott
and is headquartered in Bethesda, Maryland. It is a multinational company that manages and
licenses various types of lodging worldwide. Marriott has 30 brands (including the Ritz-Carlton and
St. Regis luxury brands), with over 7,000 properties in over 130 countries. Marriott’s 2016
acquisition of Starwood Hotels & Resorts made it the largest lodging company in the world.
As of 2020, the company employs over 120,000 people and is still highly regarded within the
hospitality industry.
Summary of the security incident and data breach: In early September of 2018,
there was an attempt made to access the internal guest reservation database for Marriott’s Starwood
brands. An internal security tool flagged the attempt as suspicious. Because of this attempt, an
internal investigation was conducted and determined that the Starwood Network was compromised
back in 2014. Even though Starwood was acquired in 2016, the former Starwood hotels were
utilizing their old IT infrastructure and not the Marriott reservation system. The investigation
discovered that attackers managed to obtain information from up to 500 million guest records. Those
records included credit card information and passport numbers.
1. Sometime in 2014, back when Starwood was a separate company, the
Starwood network was compromised. It is believed that the initial
compromise was due to a phishing attack.
2. In 2016, Marriott International acquired Starwood Hotels & Resorts,
making Marriott International the largest lodging company in the world.
Costs
• As of March 2019, the company had incurred $28 million in expenses related to the breach.
• The U.K.’s ICO initially fined Marriott £99 million ($123 million), but by late 2020 reduced it to £14.4 million (~$23.8 million).
• Marriott is facing a class action lawsuit (led by Martin Bryant) which could cost it £1.75bn.
• Compensation is still unresolved, and the Marriott breach will result in the cost of millions of dollars, if not more than $1 billion, in the years to come, including the IT and legal fees involved.

Prevention
• Proper education of all employees to be aware of phishing e-mails and other cyber-security threats the company may face.
• Have enough trained cyber-security employees in place along with current safety protocols.
• A thorough auditing of the Starwood IT systems should have been conducted immediately after the acquisition.
• The Marriott systems should have been integrated in the Starwood hotels immediately after the merger was completed.
• Audits for all systems for the entire company need to be conducted on a regular basis.
• Multifactor authentication (multiple methods of authentication) should be implemented for all employees and guests of Marriott hotels.