« ENISA Tips for cybersecurity when buying and selling online | Main | NIST SP 800-175B Rev. 1 Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanism »

2020.04.01

Marriott Hotelで最大520万人の顧客データが漏洩したかも・・・またですかって感じですが。。。

こんにちは、丸山満彦です。

Marriott Hotelグループが最大520万人の顧客データが漏洩したかもと発表しています。

パスワード、クレジットカード番号関係、パスポート番号関係は漏洩していないようで、名前、住所、電子メール、電話番号、アカウント番号、ポイント残高、勤務先、誕生日等が漏洩している可能性があるそうです。。。

Marriott International

・2020.03.31 Marriott International: Incident Notification

-----

What Happened?

Hotels operated and franchised under Marriott’s brands use an application to help provide services to guests at hotels. At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. We believe this activity started in mid-January 2020. Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests.

Although our investigation is ongoing, we currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.

At this point, we believe that the following information may have been involved, although not all of this information was present for every guest involved:

  • Contact Details (e.g., name, mailing address, email address, and phone number)
  • Loyalty Account Information (e.g., account number and points balance, but not passwords)
  • Additional Personal Details (e.g., company, gender, and birthday day and month)
  • Partnerships and Affiliations (e.g., linked airline loyalty programs and numbers)
  • Preferences (e.g., stay/room preferences and language preference)

-----

The Register

・2020.03.31 Marriott Hotels hacked AGAIN: Two compromised employee logins abused to siphon off guests' personal info - How many customers' deets? It's not saying just yet

・2019.01.04 Marriott: Good news. Hackers only took 383 million booking records ... and 5.3m unencrypted passport numbers - Plus an extra 20m passport digits and 8.6m payment card details, though encrypted

CNET

・2020.03.31 Marriott data breach exposes over 5 million people: Latest major security hack - The hotel chain's latest security breach is just one of dozens that have revealed guests' personal details.

|

« ENISA Tips for cybersecurity when buying and selling online | Main | NIST SP 800-175B Rev. 1 Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanism »

Comments

Post a comment



(Not displayed with comment.)




« ENISA Tips for cybersecurity when buying and selling online | Main | NIST SP 800-175B Rev. 1 Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanism »