April 30, 2013 filfoto shows a man working on a new Marriott sign in front of the former Peabody Hotel…
April 30, 2013 filfoto shows a man working on a new Marriott sign in front of the former Peabody Hotel in Little Rock, Ark. Marriott says the information of up to 500 million guests at Starwood hotels has been compromised. | Associated Press File Photo by Danny Johnston, St. George News
NEW YORK (AP) ̵
1; Information stolen from the Marriott Hotel Empire in an extensive violation is so rich and specific that it can be used for espionage, identity theft, reputation attacks and even home breaks, security experts say. On March 25, 2016, the photo shows the dining room at the Four Points Sheraton Hotel in Richmond, Va., One of the hotel chains where information from as many as 500 million guests is compromised. Associated Press File Photo by Steve Helber, St. George News
Hackers stole information about as many as 500 million hotel guests over four years, getting credit cards and passport numbers and other personal data, Marriot acknowledged Friday.
It’s one of the biggest data violations in history. In comparison, last year’s Equifax hack hit more than 145 million people. A breakdown in 2013 affected more than 41 million debit card accounts and exposed contact information for more than 60 million customers.
But the goal here – hotels where high-end stores, romantic pressures and espionages are daily currencies – make data collected especially sensitive.
The affected reservation system can be very attractive to the interests of the national spies who are interested in traveling by military and senior officials, “said Jesse Varsalone, a university director of the Maryland cybersecurity expert.
“There are only so many things that you can extrapolate from people living in a hotel,” he said.
And because the information contained reservations for future stays, along with home addresses, burglary officials could learn when someone would not be at home, “said Scott Grissom of LegalShield, a legal service provider.
The affected hotel brands are run by Starwood before acquired by Marriott 2016. They include W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Méridien and Four Points. Starwood-labeled timeshare properties were also affected. None of the Marriott-labeled chains were threatened.
On February 1, 2010, the movie shows Westin Philadelphia hotel in Philadelphia, one of the hotel chains where information from as many as 500 million guests has been compromised. Associated Press File Photo by Matt Rourke, St. George News
E-mail messages for those who may have been affected began to roll out Friday, and the full scope of the violation was not immediately clear.
Marriott tried to determine if the purloined records contained duplicates, as a single person staying several times.
Security analysts were particularly worried about learning the undisputed life of the infringement. Marriott said it was first discovered on September 8th, but could not decide last week what data might have been exposed – for the thieves used encryption to remove it to avoid detection.
Marriott said it did not yet know how many credit card numbers may have been stolen. One spokesman said on Saturday that it was not yet possible to answer questions such as whether the infringement and data crimes were committed by one or more groups.
Cybersecurity expert Andrei Barysevich of the recorded future said he believed that the violation was economically motivated.
A cyber criminal threats expert in credit card theft like the Eastern European group called Fin7 may be a suspect, he said, noting that a dark web card provider recently announced that 2.6 million cards stolen from a named hotel chain would soon be available to the online criminal underworld.
On March 25, 2016, the file image shows the sign of the Four Points Sheraton Hotel in Richmond, Va., One of the hotel chains where the information amounts to as many as 500 million guests are compromised. | Associated Press File Photo by Steve Helber, St. George News
“We have to wait until an official forensic report, although Marriott can never share their findings openly,” said Barysevich.
Marriott said the stolen credit card The information was encrypted, but the hackers may have received “two components needed to decrypt the debit card numbers”. It said that it can not “rule out the possibility that both were taken.”
As many as two thirds of the victims, the exposed data may contain mailing addresses, phone numbers, e-mail addresses and passport numbers. Also date of birth, gender, date of reservation, slots and Starwood Preferred Guest account information.
Crimes against personal data can make Marriott in violation of new European laws on privacy, as guests included European travelers.
Marriott set up a website and call center for customers who believe they are in danger.
The FBI would not say if it was investigated but said in a statement that all those contacted by Marriott should “take steps to monitor and protect their personally identifiable information and report possible suspected identity theft cases to the FBI Internet Crime Complaint Center on www.ic3.gov. “
Passport number has previously been part of a hack, but it’s not common. They were among the record of 9.4 million passengers in Hong Kong-based airline Cathay Pacific, received in a crime announced in October.
In July 31, 2013, File Photo, W Hotel Owned by Starwood Hotels and Resorts Around the world is seen at New York Times Square, one of the hotel chains where information from as many as 500 million guests is compromised. | Associated Press file photo of Mark Lennihan, St. George News
Combined with names, addresses and other personal information, passport numbers are a bigger issue than stolen credit card numbers because thieves can use them to open fraudulent accounts, says analyst Ted Rossman of CreditCards.com.
The information describes how dangerous hotels can be for people worried about their privacy.
“Hotels have long been important public sources for local information for foreigners tracking: booking systems and loyalty programs took surveillance globally and made it easier for us to give up our integrity,” said Colin Bastable, CEO of Lucy Security.
Intelligence agencies in the United States is well connected to the global travel industry “with fair means or ugly,” he said, noting non-state cybercriminals now have the same hacking tools.
“Consumers have been injuries,” said Bastable. “And we are all consumers. “He recommends that hotels offer as little information as possible when booking and checking in.
Last year, cybersecurity firm FireEye highlighted an attempt by Russian state agents to attempt to infiltrate the reservation systems of hotels in Europe and the Middle East.
When the acquisition of the Marriot was announced In 2015, Starwood had 21 million people in its loyalty program ranks more than 6,700 properties worldwide, most in North America.
Marriott, based in Bethesda, Maryland, said in a legislative application that it is too early to say what economic impact the crime might have on the company . It said it has cyber insurance and is working with its operators to assess coverage.
Selected officials were quick to demand action.
Virginia Sen. Mark Warner said that the United States needs laws restricting data companies can gather customers and ensure that companies take into account the cost of security rather than making consumers “responsible for the burden and damage that results from these failures.”
Written by MICHELLE CHAPMAN, MAE ANDERSON and FRANK BAJAK, Associated Press.
Email: news @ stgnews.com
Copyright 2018 Associated Press. All rights reserved. This material may not be published, transmitted, rewritten or redistributed.