Another Day, Another Hotel Breach
November 30, 2015 | DevOps | Joanna Mastrocola
Looks like another popular hotel chain has been hacked. Starwood Hotels has reported that payment systems at 54 of its locations were targeted by a malware attack. Credit card information such as first and last names, card numbers, expiration dates, and security codes was taken; however, personal information such as billing addresses, etc. was unaffected.
As we’ve previously discussed, it is crucial for enterprises to make sure that third-party providers are adequately securing data. The Starwood breach is an example of this, as the payment systems that were hacked were third-party POS machines located in gift shops, restaurants, and coffee shops.
Here’s what you need to know:
Starwood maintains that the guest reservation system was not compromised in the hacks, so if you didn’t dine at the hotel or make any purchases outside of the room, you’re safe. For some of the affected hotels, information was exposed for months while the breach went undetected.
This is a comprehensive list of all of the breached hotels. In addition to hotel names, it also provides the dates during which credit cards could have been compromised.
If you’re currently staying at a Starwood hotel, or are planning on relaxing there during the upcoming holidays, not to worry: the situation has been handled, the malware is no longer a threat, and all credit card information is now secured.
This piece from eWeek mentions that it took almost 5 months for the breaches to be reported. This doesn’t seem to be much of a coincidence, as Starwood was very recently acquired by Marriott International. It would make sense that Starwood wouldn’t publicize the breach until after the deal was done.
If these POS devices had better security and audit capabilities in place, perhaps the breaches wouldn’t have gone undetected for as long as they did. Thankfully, with each new breach, new pressure is put on enterprises to have better security in place to protect consumer data. Hopefully, the new year will mean a new commitment toward secrets management and infrastructure security.
If you and your organization are just getting started with your 2016 security planning, or are in the process of moving to a hybrid cloud strategy, it is vital that you do your research before getting started. We’ve created a free, dynamic security glossary that has all the information you need to get you up to speed in no time.