breach case study on marriott starwood hotel system 2014
play

Breach Case Study On Marriott/Starwood Hotel System - PowerPoint PPT Presentation

Sep 02, 2022 •259 likes •555 views

Breach Case Study On Marriott/Starwood Hotel System 2014 2018+ Stephen P. Cutler,PhD spcutler@omnipay.asia We will look at it from a perspective of Confidentiality Integrity Accesibility And

  3. • • • •

  4. • • •

  5. Breach Case Study On Marriott/Starwood Hotel System 2014 – 2018+ Stephen P. Cutler,PhD spcutler@omnipay.asia

  6. We will look at it from a perspective of Confidentiality Integrity Accesibility And Accountability, Compliance, Ethics

  7. Let’s keep in our minds about: ● What personal data do you hold? ● Where is it held? ● Who has access to it, and what kind of access? ● When did you collect it? ● Why did you collect this detail? ● What level is the data classified at? ● Is consent well documented?

  8. Marriott is a great company. Global Warm Great reputation.

  9. Marriott owns the Starwood System Since 2016.

  10. The Starwood System consists of: 11 brands; 1,200 properties; On Six Continents

  11. On 8SEP2018, an internal security tool Alerted Marriott staff to an attempt To access and exfiltrate the database

  12. Think about that database: Name; Date of birth; Gender; Mailing address; Phone; Email address;

  13. Think about that data base: Passport information; Arrival/departure data; Preferred Guest information; Communication Preferences.

  14. Marriott says that perhaps 500 million Starwood guest records may have been stolen

  15. The alert was posted on September 8, 2018 Marriott notification and public announcements Are worded to say The breach was “discovered on or before September 10, but may go back to 2014”

  16. Payment Card data was protected by Advanced Encryption Standard AES-128 But...the decryption components may/may Have been taken as well

  17. U.S. Senator Charles Schumer says That Marriott ought to cover the cost of New passports for victims ● $110 x 327 million ● Basically...”You caused this. You fix it now”

  18. U.S. Senator Elizabeth Warren Calls for severe penalties for The CEO and other officers personally Basically, “You broke these people’s trust. You go to jail.” U.S. law does not currently have such penalty.

  19. The company admits “We failed” It has cooperated with law enforcement and regulatory agencies. It has investigated thoroughly, and found that the breach is likely to have begun in 2014, before it bought Starwood

  20. Marriott Established a website and call center for victim support It has emailed everyone in the database It offers free enrollment in”Webwatcher”

  21. Marriott faces a “Class Action” law suit Marriott stock share prices fell 5.6%

  22. to a Forbes report by Thomas Brewster posted on December Marriott had a string of cyber security problems. At least one of those came from a contracted cybersecurity vendor mistake.

  23. One problem discovered was an easily guessed password for the Starwood Service system; Once “inside” that system, one could Access financial records, I.T. Security Controls AND bookings information

  24. Investigation and reviews have disclosed that Russian criminals used a Botnet On hacked Starwood Servers

  25. Based on New York Times and Wall Street Journal reports Other media published items on January 4, 2019 Stating that the hackers may/may have been working for China’s Ministry of State Treasury.

  26. So, again, in light of the DPA: ● Who? ● What? ● When? ● Where? ● Why?

  27. Any questions?

  28. Thank you! Stephen P. Cutler spcutler@omnipay.asia

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Meeting Nutritional Needs 7 - 8 July, 2014 Putrajaya Marriott Hotel, Malaysia The

Meeting Nutritional Needs 7 - 8 July, 2014 Putrajaya Marriott Hotel, Malaysia The

Meeting Nutritional Needs 7 - 8 July, 2014 Putrajaya Marriott Hotel, Malaysia The Queens Anniversary Prize for Higher www.nottingham.ac.uk/globalfoodsecurity and nd Fur urth ther Edu Educa cation 2011 Global Food Security Forum

129 views • 10 slides
People Place Passion Pro fi t Introduction OHG is one of the largest hotel

People Place Passion Pro fi t Introduction OHG is one of the largest hotel

People Place Passion Pro fi t Introduction OHG is one of the largest hotel franchisees in Europe. Its close ties to Marriott and IHG enable a strong growth program. Ti e Stuttgart Marriott Hotel Sindel fi ngen, Glow Hotel

140 views • 12 slides
The Marriott Hotel at Penn Square and The Marriott Hotel at Penn Square and Lancaster County

The Marriott Hotel at Penn Square and The Marriott Hotel at Penn Square and Lancaster County

The Marriott Hotel at Penn Square and The Marriott Hotel at Penn Square and Lancaster County Convention Center Lancaster County Convention Center Trevor Sullivan Trevor Sullivan Penn State University 5 th Year AE CM Option The

500 views • 20 slides
Welcome to the conference! Session 1.0 Greenbelt Marriott Hotel Greenbelt, MD April 27 May

Welcome to the conference! Session 1.0 Greenbelt Marriott Hotel Greenbelt, MD April 27 May

Welcome to the conference! Session 1.0 Greenbelt Marriott Hotel Greenbelt, MD April 27 May 1, 2015 Natalia Donoho Conference Co-Chair NESDIS Office of Satellite and Product Operations (OSPO) Satellite Products and Services Division

469 views • 17 slides
Marriott Data Breach ISE 331 PROJECT BY: AMBER LI, JAMES HARVEY, YASH MATHUR

Marriott Data Breach ISE 331 PROJECT BY: AMBER LI, JAMES HARVEY, YASH MATHUR

Marriott Data Breach ISE 331 PROJECT BY: AMBER LI, JAMES HARVEY, YASH MATHUR

445 views • 28 slides
Logistics Update Session 3.0a Greenbelt Marriott Hotel Greenbelt, MD April 27 May 1, 2015

Logistics Update Session 3.0a Greenbelt Marriott Hotel Greenbelt, MD April 27 May 1, 2015

Logistics Update Session 3.0a Greenbelt Marriott Hotel Greenbelt, MD April 27 May 1, 2015 Natalia Donoho Conference Co-Chair NESDIS Office of Satellite and Product Operations (OSPO) Satellite Products and Services Division College Park,

1.01k views • 89 slides
February 9-11, 2015 Washington Marriott Wardman Park Hotel, Washington, DC Muthita Vanaporn Usa

February 9-11, 2015 Washington Marriott Wardman Park Hotel, Washington, DC Muthita Vanaporn Usa

February 9-11, 2015 Washington Marriott Wardman Park Hotel, Washington, DC Muthita Vanaporn Usa Boonyuen Pornpan Pumirat American Society for Microbiology http://www.asmbiodefense.org/ Biodefense Bacillus , Burkhoderia , and

570 views • 44 slides
Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has innovation helped to produce a cost effective remedial design? Challenging contaminant profile Taken a traditional / well understood remedial

910 views • 4 slides
AADL : a radar case study Back to radar case study Goal: to model a simple radar system

AADL : a radar case study Back to radar case study Goal: to model a simple radar system

AADL : a radar case study Back to radar case study Goal: to model a simple radar system Let us suppose we have the following requirements System implementation is composed by physical devices (Hardware entity): 1. antenna + processor +

589 views • 10 slides
accounts hacked among several in recent weeks to come upon security breaches in their AP

accounts hacked among several in recent weeks to come upon security breaches in their AP

HEADLINES Impact and Cost According to the Ponemon At least 19 states have Institutes most recent introduced or are considering "Annual Study: U.S. Cost of security breach legislation in a Data Breach" (March 2014. Most of the

401 views • 12 slides
Photobioreactor system case-study Tom a s Stan ek Tom a s Stan ek

Photobioreactor system case-study Tom a s Stan ek Tom a s Stan ek

Photobioreactor system case-study Tom a s Stan ek Tom a s Stan ek Photobioreactor system case-study Tom a s Stan ek Photobioreactor system case-study Overal description Various devices with some autonomous logic and

920 views • 48 slides
A Tale of Too Many Claims 1 4/20/17 Case Study 1 The Biltmore Hotel Coral Gables, Florida

A Tale of Too Many Claims 1 4/20/17 Case Study 1 The Biltmore Hotel Coral Gables, Florida

4/20/17 A Tale of Too Many Claims 1 4/20/17 Case Study 1 The Biltmore Hotel Coral Gables, Florida Dates of Loss Hurricane Katrina August 25, 2005 Hurricane Wilma October 24, 2005 The Biltmore Hotel in Coral Gables

483 views • 15 slides
Agenda of the 2018 BARS AGM Marriott Hotel City Centre, Bristol Thursday 27 th September 2018 6.

Agenda of the 2018 BARS AGM Marriott Hotel City Centre, Bristol Thursday 27 th September 2018 6.

Agenda of the 2018 BARS AGM Marriott Hotel City Centre, Bristol Thursday 27 th September 2018 6. Webmasters Report 1. Minutes of the last AGM - Richard Bell 2. Matters Arising 7. Council Election Results 3. Chairmans Report - Phil

240 views • 20 slides
Low Hanging Fruit NWHA 2019 Annual Conference Marriott Downtown Waterfront Hotel February 20

Low Hanging Fruit NWHA 2019 Annual Conference Marriott Downtown Waterfront Hotel February 20

Low Hanging Fruit NWHA 2019 Annual Conference Marriott Downtown Waterfront Hotel February 20 22, 2019 Session Speakers & Moderator Speakers Dain Bates, Biologist, Idaho Power Company Hallie Meushaw, Attorney, Troutman Sanders

287 views • 4 slides
London Marriott Hotel County Hall Quintessentially British with iconic London views

London Marriott Hotel County Hall Quintessentially British with iconic London views

London Marriott Hotel County Hall Quintessentially British with iconic London views Quintessentially British with iconic London views Inspired by the views of Londons most iconic landmarks and the buildings heritage, the London Marriott

496 views • 13 slides
Honoring Heidelberg Post Dinner Friday, June 7, 2013 Heidelberg Marriott Hotel Inaugural Heidelberg

Honoring Heidelberg Post Dinner Friday, June 7, 2013 Heidelberg Marriott Hotel Inaugural Heidelberg

Honoring Heidelberg Post Dinner Friday, June 7, 2013 Heidelberg Marriott Hotel Inaugural Heidelberg Post Meeting 1953 COL Carl W. Meyer, Deputy Engineer, USAREUR COL Alvin G. Viney, Engineer, Seventh Army COL Walter H. Parsons Jr.,

505 views • 27 slides
HOW THE CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC) WILL IMPACT YOUR BUSINESS ACQUISITION

HOW THE CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC) WILL IMPACT YOUR BUSINESS ACQUISITION

HOW THE CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC) WILL IMPACT YOUR BUSINESS ACQUISITION HOUR WEBINAR March 20, 2020 3/20/20 WEBINAR ETIQUETTE PLEASE Log into the GoToMeeting session with the name that you registered with online

1.1k views • 73 slides
PDF 2.0 New and Improved Features Supporting More Workflows MATT KUZNICKI DUFF JOHNSON

PDF 2.0 New and Improved Features Supporting More Workflows MATT KUZNICKI DUFF JOHNSON

PDF 2.0 New and Improved Features Supporting More Workflows MATT KUZNICKI DUFF JOHNSON Datalogics PDF Association PDF 2.0 New and Improved Features Supporting More Workflows Agenda About us and about PDF 1 Important new features of PDF

463 views • 33 slides
Partnership with Benetech, a non-profit organization that develops and supports Martus, secure

Partnership with Benetech, a non-profit organization that develops and supports Martus, secure

Partnership with Benetech, a non-profit organization that develops and supports Martus, secure information management software for human rights monitoring. 1 Benetech creates and develops new technology solutions that serve humanity, empower

843 views • 38 slides
ndnMouse Secure Control Interface for a PC Using a Mobile Device Wesley Minner CS 217B, Spring

ndnMouse Secure Control Interface for a PC Using a Mobile Device Wesley Minner CS 217B, Spring

ndnMouse Secure Control Interface for a PC Using a Mobile Device Wesley Minner CS 217B, Spring 2017 Project Final Presentation Motivation (Recap) Primary use case: slideshow control Traditional... Wired: short cord small radius

608 views • 42 slides
Introduction to the x86 Architecture Camiel Vanderhoeven September 29, 2015 Introduction to the

Introduction to the x86 Architecture Camiel Vanderhoeven September 29, 2015 Introduction to the

Introduction to the x86 Architecture Camiel Vanderhoeven September 29, 2015 Introduction to the x86 Architecture This information contains forward looking statements and is provided solely for your convenience. While the information herein

984 views • 38 slides
MBS FileMaker Plugin Christian Schmitz Monkeybread Software MBS FileMaker Plugin 3300 functions

MBS FileMaker Plugin Christian Schmitz Monkeybread Software MBS FileMaker Plugin 3300 functions

MBS FileMaker Plugin Christian Schmitz Monkeybread Software MBS FileMaker Plugin 3300 functions 400 new functions in 2014 500 new functions in 2015 already 350 example databases. MBS FileMaker Plugin One Plugin file Easy to install &

497 views • 38 slides
H3C MSR Presentation Network Produce Department Date: 20070915 Security Level: Confidential H3C

H3C MSR Presentation Network Produce Department Date: 20070915 Security Level: Confidential H3C

H3C MSR Presentation Network Produce Department Date: 20070915 Security Level: Confidential H3C Technologies Co., Limited. Agenda Trend of Multiple Service Integration MSR Routers Introduction MSR Routers Features MSR Router

606 views • 58 slides
Reliability Coordinator Rate Design, Terms, and Conditions Draft Final Proposal Ryan Seghesio

Reliability Coordinator Rate Design, Terms, and Conditions Draft Final Proposal Ryan Seghesio

Reliability Coordinator Rate Design, Terms, and Conditions Draft Final Proposal Ryan Seghesio VP, Chief Financial Officer and Treasurer Phil Pettingill Director, Regional Integration Stakeholder Meeting June 27, 2018 Agenda Topic

604 views • 44 slides

More recommend