#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Marriott International | Breaking Cybersecurity News | The Hacker News

Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests

Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests
Mar 31, 2020
International hotel chain Marriott today disclosed a data breach impacting nearly 5.2 million hotel guests, making it the second security incident to hit the company in recent years. "At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property," Marriott said in a statement . "We believe this activity started in mid-January 2020. Upon discovery, we confirmed that the login credentials were disabled, immediately began an investigation, implemented heightened monitoring, and arranged resources to inform and assist guests." The incident exposed guests' personal information such as contact details (name, mailing address, email address, and phone number), loyalty account information (account number and points balance), and additional information such as company, gender, dates of births, room preferences, and language preferences. The ho

Marriott Faces $123 Million GDPR Fine Over Starwood Data Breach

Marriott Faces $123 Million GDPR Fine Over Starwood Data Breach
Jul 09, 2019
After fining British Airways with a record fine of £183 million earlier this week, the UK's data privacy regulator is now planning to slap world's biggest hotel chain Marriott International with a £99 million ($123 million) fine under GDPR over 2014 data breach. This is the second major penalty notice in the last two days that hit companies for failing to protect its customers' personal and financial information compromised and implement adequate security measures. In November 2018, Marriott discovered that unknown hackers compromised their guest reservation database through its Starwood hotels subsidiary and walked away with personal details of approximately 339 million guests. The compromised database leaked guests' names, mailing addresses, phone numbers, email addresses, dates of birth, gender, arrival and departure information, reservation date, and communication preferences. The breach, which likely happened in 2014, also exposed unencrypted passport

SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework
Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a

500 Million Marriott Guest Records Stolen in Starwood Data Breach

500 Million Marriott Guest Records Stolen in Starwood Data Breach
Nov 30, 2018
The world's biggest hotel chain Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million guests. Starwood Hotels and Resorts Worldwide was acquired by Marriott International for $13 billion in 2016. The brand includes St. Regis, Sheraton Hotels & Resorts, W Hotels, Westin Hotels & Resorts, Aloft Hotels, Tribute Portfolio, Element Hotels, Le Méridien Hotels & Resorts, The Luxury Collection, Four Points by Sheraton and Design Hotels. The incident is believed to be one of the largest data breaches in history, behind 2016 Yahoo hacking in which nearly 3 billion user accounts were stolen. The breach of Starwood properties has been happening since 2014 after an "unauthorized party" managed to gain unauthorized access to the Starwood's guest reservation database, and had copied and encrypted the information. Marriott dis

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

cyber security
websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Cybersecurity Resources