You have probably heard about the latest major data breach, right? The Starwood hotel chain, which is owned by Marriott, was hacked. More than 500 million people were affected by it, and now, we have learned that a hostile, foreign intelligence service is likely behind it.
Most of the data that was compromised is unsurprising, such as emails and names, but other information that was accessed is a bit puzzling. This includes passport information and where people traveled. A U.S. intelligence official, who does not want to be identified, has said that this breach fits the mold of China being behind it.
Though there is nothing specific to point the finger at China, the techniques, tools and procedures that were used are commonly being used by hackers who work for the Chinese government. However, it is important to keep in mind that other hackers would also have access to these tools.
For now, the investigation is continuing into the data breach, and nothing official has been released. The FBI continues to remain on the case, and Marriott has said that it has no idea who or what is behind this hack. At this point, they are choosing not to speculate.
The hotel chain has both internal and external teams working on exposing the hackers, and the main clue they are focusing on is the type of data that was accessed, such as passport numbers and the times and dates that people checked in and checked out of the hotel. This information could be very valuable to foreign countries, including China, who might want to create counterfeit passports. The State Department, however, has told NBC News that a new passport could not be made by using passport numbers alone.
This hack is part of a series of hacks that have plagued businesses over the past few years and recent months. In fact, this hack went on for four years before Starwood even realized that it was getting hacked! This is a pretty long time when you consider that the average hack goes on for 101 days before it’s discovered. What’s even more disturbing is the fact that the company knew about this hack since September, but it didn’t announce it until the beginning of December.
Marriott has responded to this. It says that it is improving the way it deals with cyber security, and, in addition to working out what happened in this hack, it is analyzing how it can improve the way it deals with customer data.