Marriott Breach: the Cyber Risk of Acquisitions

Cyber risk is assumed when the acquiring company buys the target company. Without the proper assessment, your company could be acquiring a ticking time-bomb of cyber-insecurity.

Will this be the breach that further amplifies the kinds of cyber risk organizations inherit when they acquire another organization?

If you haven’t heard, Marriott International recently reported that it suffered a data breach of potentially 500 million guests.

Marriott has been known as a very good hotel chain when it comes to protecting consumer data. It’s a shame to hear so many guests may have had their information exposed.

According to Marriott, a reported 327 million guests had their their names, phone numbers, email addresses, passport numbers, date of birth, arrival and departure information accessed.

For millions of others, credit card numbers and card expiration dates were potentially compromised as well.

Wait, the breach occurred in…Starwood’s Systems?

For those not aware, Starwood is a relatively new acquisition to the hotel chain behemoth Marriott International (2016).

As it turns out, the data breach is identified as reaching as far back as 2014. The cyber-criminals appear to have had much, if not all, of Starwood’s guest infrastructure.

The lesson learned here: Marriott has not reported a guest data breach in the past. Once it merges with Starwood, a nearly 5 year old exploited vulnerability is  discovered, which results in one of the largest breaches we have ever heard about.

Mergers & Acquisitions aren’t just about performance, profitability, and assets to acquire.

Cyber risk is assumed when the acquiring company buys the target company. Without the proper assessment, your company could be acquiring a ticking time-bomb of cyber-insecurity.

How damaging can cyber breaches and cyber risk be within acquisitions? As a refresher, Verizon got a sizable discount on Yahoo! Also, read what Mashable had to say about the FedEx/Bongo International fiasco.

Fortunately, there are companies like Beryllium InfoSec Collaborative that can help to mitigate this factor in the mergers and acquisitions process, to ensure that your company’s newest acquisition doesn’t become your biggest loss.

To learn more,  visit our contact us page and get the conversation started!

Derek White
Director of Business Development
Derek’s success comes from his customer first mentality, utilizing collaboration between security and technology, to create positive outcomes & compliant solutions.

Speak With a NIST Security Expert at Beryllium InfoSec Today

To reach us please fill out the form below.