Written by Ken Gilmour
on December 10, 2018

Marriott-International-Starwood-Data-BreachIn this edition the Knogin's  "Breacher Report" we focus on the recent Marriott-Starwood data breach that has been the talk of the cyberworld.

Here is a brief look at the timeline of events.
* On November 30, 2018 Marriott announces Starwood reservations database security incident

* On November 19, 2018 Marriott's investigation determined there was an unauthorized access to guest information on Starwood reservations system on or before September 10, 2018. 

* On September 8, 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the United States. 

*  Upon investigation, it was determined by leading security experts that there had been unauthorised access to the Starwood network since 2014.  While that may seem like a  long time, it is not uncommon that major breaches often go undetected for many years.  

What records were affected?

Marriott believes there were approximately 500 million guest records who made a reservation at a Starwood property.  For approximately 327 million of  these guests, information includes some combination of name, mailing address, phone, email, passport numbers, Starwood Preferred Guest account information, DOB, gender and in some cases payment card data such as numbers and expiration dates

What actions has Marriott taken as a result?
* Created a dedicated website and call center to  respond to customer questions.    (
* Sent emails to affected guests.
* Providing guests  with free one year enrollment in Webwatcher, an internet monitoring service that alerts consumers if evidence of their personal information is found.

This event was serious enough that  the  the Federal Trade Commission (FTC) has released an alert on the Marriott Data Breach to provide affected users with recommended precautions against identity theft after the recent breach of the Marriott International Starwood guest reservation database.

What Knogin's take on all  of this?
This is another incident that reminds me of the saying, "let's close and lock the the stable door after the horse has bolted".   Bottom line, is - its too late!  The damage has been done.

In the spirit of overusing old sayings, this is a lesson for all companies that an "ounce of prevention is worth a pound of cure".

The root cause of the Starwood data breach is currently unknown and no doubt additional details will emerge in the weeks and months ahead. One thing is certain: A breach of this size is hardly ever the result of a single flaw. Rather it's the result of a threat actor that somehow got into the network and then was able to move around laterally without being detected.

Providing enterprise-class levels of security for your network and end points and detecting breaches and lateral intrusions is something that the Knogin's CyberEASY can help you with.
Find out how  CyberEASY helps companies improve their security posture

















his latest massive records breach, unfortunately highlights the importance of having the proper tools, processes and procedures in place.    

When  there are important breaches that might affect you,  we will let you know
here in The Breacher Report.   Here is the latest...... Eurostar.

According to a report by the BBC,   Eurostar has reset its customers' login passwords after detecting attempts to break into an unspecified number of accounts.


Eurostar has forced all of its customers to reset their passwords after detecting an "unauthorised attempt" to hack into its systems and access their accounts. 

According to a spokesman for Eurostar, "We have taken this action as a precaution because we identified what we believe to be an unauthorised automated attempt to access accounts using your email address and password," the company told customers. 

"We've since carried out an investigation which shows that your account was logged into between the 15 and 19 October. If you didn't log in during this period, there's a possibility your account was accessed by this unauthorised attempt."

"This email was sent after we identified what we believe to be an unauthorised automated attempt to access customer accounts, so as a precaution, we asked all account holders to reset their password. We deliberately never store any payment details or bank card information, so there is no possibility of those being compromised."

Here is a copy of the Eurostar email:


Eurostar has yet to confirm how many people have been affected by this data breach or whether any data has been taken. 

The company has reported the data breach to the Information Commissioner's Office.
An ICO spokesman said: “We’ve received data breach report from Eurostar and are making enquiries.”

Be sure to subscribe to our Blog to stay informed on this and other important Cybersecurity information.

Let Us Know What You Thought about this Post.

Put your Comment Below.

You may also like:

Cyber News

Intel Processor Vulnerable to Sensitive Data Leakage - NetCAT

Cyber News Cybersecurity Awareness

Hello Admin 12345, your days are numbered.

Have you ever heard of a ‘common sense law’? Well, California just passed SB327 that raises cybersecurity standards.  An...

Cyber News

Sectors Investing the Most and Least on Cyber Security in 2018

According to a recent article by Nathan Kitto published in BusinessNewsWales, over the last few years, the frequency and...