In this edition the Knogin's "Breacher Report" we focus on the recent Marriott-Starwood data breach that has been the talk of the cyberworld.
Here is a brief look at the timeline of events.
* On November 30, 2018 Marriott announces Starwood reservations database security incident.
* On November 19, 2018 Marriott's investigation determined there was an unauthorized access to guest information on Starwood reservations system on or before September 10, 2018.
* On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the United States.
* Upon investigation, it was determined by leading security experts that there had been unauthorised access to the Starwood network since 2014. While that may seem like a long time, it is not uncommon that major breaches often go undetected for many years.
What records were affected?
Marriott believes there were approximately 500 million guest records who made a reservation at a Starwood property. For approximately 327 million of these guests, information includes some combination of name, mailing address, phone, email, passport numbers, Starwood Preferred Guest account information, DOB, gender and in some cases payment card data such as numbers and expiration dates
What actions has Marriott taken as a result?
* Created a dedicated website and call center to respond to customer questions. (info.starwoodhotels.com)
* Sent emails to affected guests.
* Providing guests with free one year enrollment in Webwatcher, an internet monitoring service that alerts consumers if evidence of their personal information is found.
This event was serious enough that the the Federal Trade Commission (FTC) has released an alert on the Marriott Data Breach to provide affected users with recommended precautions against identity theft after the recent breach of the Marriott International Starwood guest reservation database.
What Knogin's take on all of this?
This is another incident that reminds me of the saying, "let's close and lock the the stable door after the horse has bolted". Bottom line, is - its too late! The damage has been done.
In the spirit of overusing old sayings, this is a lesson for all companies that an "ounce of prevention is worth a pound of cure".
The root cause of the Starwood data breach is currently unknown and no doubt additional details will emerge in the weeks and months ahead. One thing is certain: A breach of this size is hardly ever the result of a single flaw. Rather it's the result of a threat actor that somehow got into the network and then was able to move around laterally without being detected.
Providing enterprise-class levels of security for your network and end points and detecting breaches and lateral intrusions is something that the Knogin's CyberEASY can help you with.
Find out how CyberEASY helps companies improve their security posture.
his latest massive records breach, unfortunately highlights the importance of having the proper tools, processes and procedures in place.
When there are important breaches that might affect you, we will let you know
here in The Breacher Report. Here is the latest...... Eurostar.
Eurostar has forced all of its customers to reset their passwords after detecting an "unauthorised attempt" to hack into its systems and access their accounts.
According to a spokesman for Eurostar, "We have taken this action as a precaution because we identified what we believe to be an unauthorised automated attempt to access eurostar.com accounts using your email address and password," the company told customers.
"We've since carried out an investigation which shows that your account was logged into between the 15 and 19 October. If you didn't log in during this period, there's a possibility your account was accessed by this unauthorised attempt."
"This email was sent after we identified what we believe to be an unauthorised automated attempt to access customer accounts, so as a precaution, we asked all account holders to reset their password. We deliberately never store any payment details or bank card information, so there is no possibility of those being compromised."
Here is a copy of the Eurostar email:
Eurostar has yet to confirm how many people have been affected by this data breach or whether any data has been taken.
The company has reported the data breach to the Information Commissioner's Office.
An ICO spokesman said: “We’ve received data breach report from Eurostar and are making enquiries.”
Be sure to subscribe to our Blog to stay informed on this and other important Cybersecurity information.