The theft of up to 500 million customer records from the Marriott hotel group is a shocking reminder to everyone how vulnerable personal information is in the digital era.
Many millions of people who have stayed at Marriott’s 6,700 properties in 129 countries will have unwittingly given hackers their names, dates of birth, phone numbers, email addresses and passport numbers. The company has said the hack affected its Starwood reservation database which supports a group of hotels purchased in 2016 that includes the St. Regis, Westin, Sheraton and W Hotel chains.
Businesses across Sussex, Surrey, Hampshire and Kent will have used the hotel group’s services in recent years. Their employees may have lost personal information which can be used by hackers to try and get inside a company network to steal commercially-sensitive information.
Gary Jowett, from Computer & Network Consultants in Brighton, said: “Organisations that regularly use Marriott’s hotels should urgently review all security procedures. This includes ensuring a strict policy on passwords which need to be updated regularly and must be impenetrable rather than something that’s easy to guess like your Mum’s name or the name of your dog. A strong password uses a combination of capital and lowercase letters, underscores, numbers and special characters and you should use different passwords for every online account you hold.”
Ideally, the use of passwords will be retired as soon as possible by most individuals and businesses and replaced with two-factor or multi-factor authentication.
A verification code sent via text to your mobile is a common method. Or, you can use a small device that produces constantly-changing codes. By using a separate code, the hacker can’t complete the key to accessing your online account.
The theft of emails from Marriott’s database has also given criminals numerous phishing opportunities. They are probably sending out millions of emails purporting to be from employees’ banks, utility providers and other frequently-used services.
Be warned that social media is one major source of useful information to help them send you a relevant email. An email will have an embedded link or an attachment that unlocks the door to your computer and all your personal records. While most email services get rid of such emails, hackers are becoming increasingly sophisticated so a few will always slip through. It’s best to be on your guard at all times.
Essential to guarding against this cyber threat is to understand that data is often more important to cyber criminals than stealing money. Indeed, it’s thought the Marriott hack may have been the work of Chinese espionage in order to obtain information about new products and services that might compete against China’s businesses.
Gary Jowett says: “It’s wise to be cautious about what information you share via email because Marriott’s hackers may already have access to that email address. We all have to take the threat from cyber space as seriously as the physical threat of burglars to our homes and businesses. Always double check who is ‘knocking on your door’ in cyber space and view all email correspondence with caution.”