The Threat of Data Breaches, How to Avoid Becoming a Victim
July 06, 2022 | 4 minutes read
Despite the fact that 2021 saw the highest number of data breach occurrences in recorded history, many companies, both domestically and internationally, continue to foster an environment that allows cybercriminals to access supposedly confidential or sensitive data with relative ease. What’s more, the rise of the COVID-19 pandemic has led to an increase in cybercrime in general, putting major companies and small businesses alike at greater risk as it pertains to the protection of personal data. To illustrate this point further, multinational hotel giant Marriot recently confirmed that the company experienced a data breach on July 6, 2022, that led to the unauthorized disclosure of over 20 gigabytes of customer data.
Marriot data breach
As stated by Marriott spokesperson Melissa Froehlich in a statement provided to online newspaper TechCrunch “Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer”. While this quote is very straightforward, it provides consumers with a great level of insight into the effortless manipulation of personal data that businesses around the globe are faced with on a daily basis. By simply accessing a single employee’s computer within a Marriott hotel location, a cybercriminal was able to access the information of up to 400 people, including credit card details, among various other forms of personal data.
A recurring theme
What’s more, the data breach that Marriot International experienced last week was far from the first of such events that the company has faced, as the hotel giant has experienced numerous security breaches in recent years. For example, in 2018, Marriot International suffered a data breach that affected a group of more than 45 million U.S. citizens across multiple states, including California, Connecticut, Florida, Georgia, Maryland, and New York. Likewise, the company confirmed in 2019 that this data breach led to the illegal dissemination of 5.25 million unencrypted passport numbers, as well as 20.3 million encrypted passport numbers. To this point, a class action lawsuit was filed against Marriot International in May of 2022 in response to the company’s failure to protect the personal information of its employees and guests.
On top of this, Marriot International experienced a data breach in 2014 that affected more than 340 million customers worldwide, in what has been described as one of the largest security breaches in history. To exacerbate the issue even further, the Hotel company did not notify their employees or customers about the breach incident until 2018, as a wide range of cybercriminals and hackers had access to this trove of personal data for several years. Moreover, Marriot International experienced another major data breach in early 2020 at the onset of the COVID-19 pandemic, as the personal information of more than 5.2 million hotel guests was once again released to the general public without proper authorization.
Data security and redaction
While the events that Marriot International has experienced in the past decade as it concerns data breach incidents happened in large part due to incompetence and negligence on behalf of the company, all businesses that handle the personal data of consumers are at risk of such occurrences. As personal data has almost become an unofficial currency amidst our current digital age, many businesses of all scopes and sizes routinely collect and store personal information about their respective customers. As this amount of data continues to grow over time, the risk that said data will be accessed by bad actors increases exponentially. With all this being said, one way that businesses can protect themselves against security breaches is by redacting the personal information they keep on file.
In keeping with the example of a data breach that happens at a major hotel chain such as Marriot International, such businesses retain a host of personal data, irrespective of the fact that much of this information will not be relevant to a hotel guest’s stay at a particular hotel location. To this end, a hotel such as Marriot International could use an automatic redaction software program to redact the information they keep on file when booking guests into hotels, ensuring that this information does not fall into the hands of nefarious criminals. As these software programs contain automatic functionality, redacting this information will only take a matter of minutes, giving businesses the ability to avoid the loss of money and reputational harm that is associated with major data breach incidents.
The case of Marriot International truly highlights the problems that can arise when a business does not do everything in its power to protect the data of its numerous customers. While all businesses that handle large amounts of sensitive data will be prone to security breach incidents, simply redacting this information when it is not in use can save companies years of financial loss and unnecessary hassle. While the long-term implications of the multitude of data breaches that Marriot International are yet to be clear, the losses that the company has faced and stands to face could have been easily mitigated by redaction software, as failing to protect personal data at any level will always be a zero-sum game.