Will this be the breach that further amplifies the kinds of cyber risk organizations inherit when they acquire another organization?
If you haven’t heard, Marriott International recently reported that it suffered a data breach of potentially 500 million guests.
Marriott has been known as a very good hotel chain when it comes to protecting consumer data. It’s a shame to hear so many guests may have had their information exposed.
According to Marriott, a reported 327 million guests had their their names, phone numbers, email addresses, passport numbers, date of birth, arrival and departure information accessed.
For millions of others, credit card numbers and card expiration dates were potentially compromised as well.
Wait, the breach occurred in…Starwood’s Systems?
For those not aware, Starwood is a relatively new acquisition to the hotel chain behemoth Marriott International (2016).
As it turns out, the data breach is identified as reaching as far back as 2014. The cyber-criminals appear to have had much, if not all, of Starwood’s guest infrastructure.
The lesson learned here: Marriott has not reported a guest data breach in the past. Once it merges with Starwood, a nearly 5 year old exploited vulnerability is discovered, which results in one of the largest breaches we have ever heard about.
Mergers & Acquisitions aren’t just about performance, profitability, and assets to acquire.
Cyber risk is assumed when the acquiring company buys the target company. Without the proper assessment, your company could be acquiring a ticking time-bomb of cyber-insecurity.
How damaging can cyber breaches and cyber risk be within acquisitions? As a refresher, Verizon got a sizable discount on Yahoo! Also, read what Mashable had to say about the FedEx/Bongo International fiasco.
Fortunately, there are companies like Beryllium InfoSec Collaborative that can help to mitigate this factor in the mergers and acquisitions process, to ensure that your company’s newest acquisition doesn’t become your biggest loss.
To learn more, visit our contact us page and get the conversation started!
Ben is the Vice President of Beryllium InfoSec Collaborative and Director of Curriculum Development at Cyber Warrior Foundation. A 20-year information security veteran, Benjamin cut his teeth on information security and cyber security for the Department of Defense.
Ben is an 18-year Chief Cryptologic Technician (Technical) veteran of Naval Special Warfare, Special Intelligence and Electronic Warfare teams and a drilling Navy Reservist. He currently serves as the Navy Information Operations Command TX – Minneapolis Branch Training Officer.