Records of 500 million customers of Marriott hotel group were compromised in data breach
Marriott International hotel chain has revealed that its Starwood division's reservations database was compromised by unauthorized third parties. According to an internal investigation by digital forensics specialists, an attacker had had access to the Starwood network since 2014.
Marriott International claims that it is notifying the registered customers whose records are in the compromised database.
Starwood was absorbed by Marriott in 2016, consolidating Marriott as the largest hotel chain in the world, with more than 5800 establishments worldwide. The Starwood division includes brands such as W Hotels, Sheraton, Le Méridien and Four Points by Sheraton. Marriott-branded hotels use a separate reservation system on a different network from the group's other brands.
Marriott said its internal digital forensics team detected that a third party was trying to access the Starwood database. Continuing its investigation, the company discovered that “an unauthorized actor copied and encrypted the information”.
According to company estimates, the compromised database contains records of up to 500 million customers, of which about 320 million records included information such as customer name, address, phone numbers, email address, passport number and account information.
In some cases, customer records also included encrypted payment card information, although the possibility that the encryption keys were also stolen has not yet been ruled out.
“We deeply regret this incident. Marriott has already alerted the authorities and will continue to collaborate in the investigation”, says a statement from the company.
The company has created a website to address the concerns of users worried about the status of their personal information. According to digital forensics experts, the company will offer affected customers a year of free anti-fraud protection services.
For its part, the United Kingdom's Information Commissioner's Office (ICO) stated: “We received a data breach report from Marriott that involves its Starwood brand. If customers have any doubts about the treatment that the company has given to their personal data, they can go to ICO”.
Although this is not the largest data breach known, it is among the worst. The attackers not only accessed and copied 500 million records, but remained on Starwood's systems for almost three years. And, although the payment card information was encrypted, digital forensics specialists from the International Institute of Cyber Security do not rule out that the encryption keys were also stolen.
Even though Marriott's main office is in the United States, the hotel group must comply with the EU's General Data Protection Regulation (GDPR), as the company processes the personal information of citizens of the European Community. Therefore, although the incident is being investigated by the ICO in the United Kingdom, the company could be penalized under the provisions of the GDPR.
In addition, this incident could fuel phishing or extortion campaigns that exploit the compromised information, so the hotel chain's problems are only beginning. Marriott, for its part, says it will not send any email notifications with attachments, and will not request any information from its customers in this way.