The Marriott Data Breach: Indeed a Wake-up Call for Proactive Data Defense

There is something fundamentally wrong with customer data defense. Security and privacy tools that handle customer data are certainly in need of a makeover.

Last week, one of the biggest information heists in history came to light. Global hospitality major Marriott International apologetically admitted that hackers had broken into personal data of nearly half-a-billion of their customers.

What made the theft look scarier is the fact that the perpetrators were able to keep their acts under wraps for four full years, from 2014 to 2018.

In the past too, there have been several instances where customer data has been stolen or unintentionally exposed in the public domain. The one involving Facebook and Cambridge Analytica was one of the most discussed in recent months. In the banking sector, the one pertaining to JP Morgan Chase in 2014 has been major. However, in terms of sheer scale, nothing beats the Yahoo data leak of 2016, in which up to 3 billion customers’ data was estimated to have leaked out.

The Marriott data theft is certainly not dwarfed by any of the prior episodes. It deserves special attention, particularly because it went undetected for such a long period of time and on such a large scale. That makes the distress for customers unprecedentedly high.

For Marriott, the financial implications too could be enormous, not only in terms of the immediate penalties imposed by regulators but also in terms of the business impact caused by a likely dent in the goodwill. If the authorities were to invoke the upper penalty limit of four percent of the company’s global turnover, there exists a potential for the fine to be as high as $916 million, media reports in the UK have said.

It is about time that companies that handle large sets of customer data in the course of doing business act with an acute sense of urgency. Despite their best intentions and investments, loopholes currently exist and get exploited by the not-so-well-intending groups called hackers.

Big or small, all these data hacks bring out the fact that something is fundamentally wrong with the tools and processes attached to the tasks of data security and privacy. These tools and processes are quite likely to prove even more insufficient as businesses move further into the new digital-driven world order.
