Cyber Security Breach in Hospitality
Introduction
After carrying out an audit on Padgett-Beale Company’s safety guidelines, practices and strategies, CyberOne insurance company discovered that most of the PBI operational units failed to define plans meant to address data breaches hence the audit concluded that the company lacked the capacity to return to vital data breaches. More so, CyberOne Company highlighted its intention to withdraw PBI’s monthly subscription from the insurance company. PBI would only be allowed to renew its insurance company if they would put in place measures to safeguard their data. The role of cyber insurance is covering a company’s liability for data breaches such as valuable customer information or even security numbers. The emergence of cyber threats has drawn all the attention in cyber security mechanisms. Addressing cyber security threats has forced most organizations to define challenges that their organizations face before they actually occur.
Analysis Section
Specific Data Types
The data breach affect clients who had booked their rooms at the spacious hotel. The information breached included personal information such mail addresses, mobile numbers, email address, passport data, and reservation periods among other types of information. The breach of data went against private laws thus exposed the patrons to more danger because most of the information divulged their location and financial status (Sawyer, 2019). Exposure of personal data left the patrons insecure and exposed to indirect dangers such kidnapping and extortion. In terms of long term impact, other potential customers would not trust the company and its reputation was destroyed. Perhaps, one of the most notable undoing is the loss of trust among clients.
Government Agencies Findings
According to government agencies, the data breach exposed personal data of more than 500 million people. Before checking into the hotel, the patrons were required to reveal crucial personal data such as credit card, address and even passport data (Starwood, 2019). Thus, when hackers got into their system, the personal information got into the wrong hands. The intrusion coincided with others hence a call for action to come up with effective ways of securing information hence government agencies came up with a compilation of likely targets (Clark, 2018). Also the government agencies were not sure if the data breach at Starwood was tied to other data breaches that occurred in that same period. Most business entities hold vast amounts of personal information. Personal information is collected, processed and stored for later use. Holding numerous amounts of information makes these organizations susceptible to cyber-attacks. Cyber insurance assists to cover expenses involved in putting in place security systems that would prevent cyber-attacks.
Penalties against Marriot International Hotel
After a broad investigation into the data breach, government agencies fined Marriot International more than 99,000,000 for violations of information safety. Due to the extensiveness of the data breach more than one government agency looked into the issue. The hotel’s systems were comprised hence facilitating the breach of data. It is vital to note that the first attack occurred in 2014 but the hotel managers noticed the incidence in 2018. Due to this negligence, government agencies claimed Marriot failed to safeguard the information of its patron hence it should be heavily fined. In addition, the government agencies claimed that the hotel would have used reliable technology to perform essential activities such as storage of personal information. As companies adapt more technological ways of operating business, cyber risk increases.
Specific Recommendations
Organizations should be able to recognize common cyber insecurities. Cyber threats may assume numerous forms hence the company must formulate ways of mitigating the risks. Also, organizations should put in place all the guidelines that would help them prevent cyber-attacks. For the sake of coming up with more than one way of covering data breaches, most organizations are should limit accessibility to valuable information so that no one exposes the system to harmful cyber-attacks (Marsh, 2021). Also, companies should update their systems as often as possible with the aim of bettering their frameworks and rectify weakness that exist in the loopholes. Additionally, the installation of firewalls creates a barrier hence preventing cyber criminals from accessing internal systems.
Even though cybercrime is a recent concept, it is normally defined as the occurrence of a destructive action which is connected to technological software (Tidy, 2020). With the increasing usage of internet enabled devices, in the hospitality sector world, the intricacy of the issue especially at Starwood was not easily to solve. Most of the experts offered an accurate breakdown of the matter at hand also gave into the classification of the cybercrime.
In summary, CyberOne concluded that PBI had not put in place the necessary measures to prevent an imminent cyber-attack. These conclusion came after screening the company’s policies, plans and existing mechanisms. The immediate action was to sue the hotel because it took personal information which its customers entrusted it with without putting in place measures that would secure the information from being accessed during an attack. The company was supposed to update its information technological systems to ensure that most of the information are secured in an effective manner.
References
Clark, P. (2018). Marriott Starwood Data Breach Highlights Silent Cyber Risk in Acquisitions. Insurance Journal. Retrieved 4 February 2021, from https://www.insurancejournal.com/news/national/2018/12/03/510811.htm.
Marsh. Marsh.com. (2021). Cyber Risk Insurance Retrieved 4 February 2021, from https://www.marsh.com/us/services/cyber-risk.html.
Sawyer, w. (2019). Guide to Cyber Liability Insurance. Woodruffsawyer.com. Retrieved 4 February 2021, from https://woodruffsawyer.com/wp-content/uploads/2019/06/40842_Woodruff-Sawyer-Cyber-Buying-Guide_Final.pdf.
Starwood breach — Krebs on Security. Krebsonsecurity.com. (2019). Retrieved 4 February 2021, from https://krebsonsecurity.com/tag/starwood-breach/.
Tidy, j. (2020). Marriott Hotels fined £18.4m for data breach that hit millions. BBC News. Retrieved 4 February 2021, from https://www.bbc.com/news/technology-54748843.
