Asking the Tough Questions about the Starwood Data Breach

By now it is old news. Everyone has heard about the Marriott data breach. The headlines late last year told the story: “GDPR May Add Up to $915M Marriott’s Data Breach Expenses,” proclaimed Forbes in a headline; “New Year, new tactics to keep your personal info safe after Marriott,” said the Los Angeles Times; “Marriott: Hackers accessed more than 5 million passport numbers,” stated The Washington Post.

And, it wasn’t really even Marriott—at least, not when it started. However, even suggesting that we can identify when the breach was initiated is a tenuous supposition. Perhaps the most frightening aspect of the entire debauched state of affairs is that no one truly knows who has the data and what they intend to do with it.

Yet, almost everyone leads with Marriott Hotels since it makes for a better soundbite. To be clear, it was Starwood’s guest reservation database that exposed up to 500 million records, which included the most personal and horrifically useful datapoints. Marriott inherited this mess when it acquired Starwood Hotels & Resorts Worldwide. The Marriott Hotels reservation system was not affected by the breach.

This breach of Starwood’s reservation system included names, addresses, phone numbers, passport numbers, birthdates, and genders in Starwood’s Loyalty Program account information. Starwood brands include St. Regis Hotels & Resorts, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Le Meridien Hotels & Resorts, and W Hotels.

As the horror gradually revealed itself similar to a slowly opening barn door on a moonlit evening in a Stephen King short story, it became clear that the breach had been lurking within the system for an indeterminate number of years.

As per its main focus of news-entertainment, much of the media has focused on the more sensational sound bites and dramatic visuals as opposed to taking the time to ask the really important questions, such as: What happened to the data?

Read the full article at Big Data Quarterly here: