Marriott 500 Million Person Data Breach (Questions/Answers)

November 30th, 2018 by Julie Lough

How Marriott Got Caught In A 500-Million Person Data Breach

Marriott Data Breach

Were You Affected? (Your Questions Answered)

What Do We Need To Know About The Marriott Breach?

Another big corporation got hooked. This time it was Marriott International. They just revealed that their Starwood reservations database of 500 million customers was hacked and that the personal information of up to 327 million guests was stolen. And, this has been going on since 2014!

How Did This Happen?

  • On September 8, 2018, Marriott was alerted about an attempt to access the Starwood guest reservation database.
  • They contacted leading security experts to help them determine what occurred. Marriott said that the hacker copied, encrypted and removed their customers’ data.
  • On November 19, 2018, Marriott was able to decrypt the data and learned that it was from the Starwood guest reservation database.

Marriott acknowledged that the encryption security keys for this data may have fallen into the hands of hackers. This allowed them to access the massive amount of data. Secure systems lock up data and should store the encryption keys in a location that’s separate from the confidential information.

Some good questions to ask here are:

“How did the criminals get Marriott’s encryption keys?

“Why did it take so long for Marriott to reveal the breach?” They learned about it in September which is over two months ago.

And, this was a 4-year long breach! “Why didn’t Marriott know that their customers’ data was being stolen over this long period?”

Maybe we’ll find out the answers to these questions, and perhaps not. What’s for sure is that you are on your own when it comes to protecting your confidential data.

How Do I Know If My Data Was Stolen?

If you are a Starwood Preferred Guest member and your data was stored in the Starwood property’s database (which includes Sheraton, Westin and St. Regis hotels, among others) you need to be on alert.

As mentioned, this data breach goes all the way back to 2014 and includes names, passport numbers, email addresses and payment information for approximately 327 million travelers – a “big catch” for any hacker. Even your date of birth, gender, reservation dates and communication preferences may be included in the breach.

Should I Contact Marriott?

Marriott set up a website and call center for customers who were impacted by the data breach. Email notifications are also being rolled out.

Marriott is also offering affected customers the option to enroll in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert if your personal information is found. If you live in the U.S., you’ll also be offered fraud consulting services

What Else Should I Do?

If your data was stolen, you should observe for incidents of identity theft. Also, watch for phishing emails where hackers try to impersonate someone you trust to take information or money from you.

Arrange For Security Awareness Training For Your Employees

If your business data was involved, make sure that you arrange for Security Awareness Training for your employees to train them to recognize phishing attempts. This includes:

  • Baseline Testing to assess the Phish-prone percentage of your employees through a free simulated phishing attack.
  • Training For Your Users with content that includes interactive modules, videos, games, posters, and newsletters.
  • Simulated Phishing Attacks that utilize best-in-class, fully automated, simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
  • Reports with statistics and graphs for both training and phishing for your management to review.

Whether your business was involved in the breach or not, Security Awareness Training for your employees is always a good idea.

Another good idea is to sign up for Dark Web Scanning Services.

Get Dark Web Scanning For Your Confidential Business Data

The Dark Web is a secret internet society that’s only accessible to a select group of criminals. Criminals use it to take stolen data (like the Marriott/Starwood customer information) and dump it on the black market for sale.

Dark Web Scanning is a sophisticated monitoring solution that helps businesses of any size detect cyber threats that expose their stolen business accounts, email addresses, payment information, and other confidential data that’s on the Dark Web. It also does this in real time and detects any of your compromised credentials or information before criminals can use it for profit or other crimes.

Don’t Count On The Marriott’s Of The World To Protect Your Business Data – You Must Do This Yourself

Contact us for information about Data Protection, Security Awareness Training and Dark Web Scanning. We have a Suite of IT Security Solutions to help you keep your business data secure.

 

 

 


Overcoming Your Hesitation to Moving to the Cloud

November 18th, 2018 by Julie Lough

If you haven’t moved your business to the cloud – partly or completely – you aren’t alone. Business owners in many industries have been reluctant to make the move. But that’s starting to change. Rapidly.

More and more, business owners are realizing the productivity and security improvements they can achieve using cloud and hybrid cloud solutions over relying on their solely on-premises technology infrastructure.

What is “Moving to the Cloud?”

We hear and read the phrase “moving to the cloud,” but what does it actually mean?

Some people seem to believe it’s when you store your data in the cloud – that is, taking advantage of the scalable, predictable expense of having their data redundantly stored in geographically dispersed data centers protecting it from natural or manmade disasters. Indeed, that is one way of “moving to the cloud.” But that’s not all.

Read the rest of this entry »


Why is my Windows 10 Pro Deactivating?

November 11th, 2018 by Julie Lough

If you are experiencing problems with your Windows 10 Pro operating system, you are not alone. Thousands of users from the US, Japan, and South Korea flooded tech message boards late this week with complaints that their legitimately purchased software was deactivating itself.

Windows 10 Pro Deactivating

What Exactly Happened?

Starting on November 8, comments began to appear online from several users expressing frustration over the pop-up messages they received from Microsoft after booting up their computers. These messages included the error codes: 0xC004C003 or 0xC004C003, and incorrectly implied that the users were trying to run illegal copies of the Windows 10 Pro edition on their computers. Those affected by the glitch were then prompted to install the Windows 10 Home edition or to purchase a genuine copy of the Pro edition from the Microsoft store. Anyone who received a deactivation warning was still able to operate the computer using the Windows 10 Pro edition, although distracting watermarks were plastered across the screen.

Microsoft acknowledged that the company was fully aware of the DMR issue within hours of the first messages showing up online. A statement released from the company said it was still trying to determine the reason behind the deactivations to provide a fix, but at the time the exact cause was unknown. Engineers from Microsoft suspected that “some unspecified issue with the Windows Authentication servers” was the cause behind the deactivations.

On Friday, a day after Microsoft first address the deactivations, the company released an update about the bug:

“A limited number of customers experienced an activation issue that our engineers have now addressed. Affected customers will see the resolution over the next 24 hours as the solution is applied automatically. In the meantime, they can continue to use Windows 10 Pro as usual.”

As of Saturday, some users online were still reporting problems with their operating system.

Will This Affect Me?

The good news is that the deactivation problem seems to be affecting only a small portion of the total number of Windows 10 Pro edition users. Of the licenses which were affected, the vast majority of them were digitally updated from an early version of Windows. If you have not already received the warning after restarting your system, there is a good chance that your copy of the operating system is not affected by this bug. But for those who hit with the glitch, you have several options.

What Can I Do About It?

First, don’t panic and assume that you need to repurchase a new license for the Windows 10 Pro edition if you are still receiving a warning as of today. As long as you are using a genuine version of the operating system, there is no need to buy another copy, as the fix will automatically take effect. The best thing to do is just to wait. But if you are unwilling to wait, you can attempt to correct the issue on your own by running the Troubleshoot app. You can access the Troubleshoot app by going to Settings then clicking on Update & Security followed by Activation, and finally to Troubleshoot. This should correct the issue immediately.