Data breaches must be stopped
Businesses need to do more to protect the private information of their customers. This week saw two high-profile data breaches of two well-respected brands, and that is worrisome. First, a security incident at Marriott Hotels involving the Starwood guest reservation database resulted in unauthorized access of information belonging to approximately 500 million guests who made a reservation at a Starwood property. For approximately 327 million of those guests, that includes names, mailing addresses, phone numbers, email addresses, passport numbers, date of birth, gender and much more. Unfortunately, for some on the database, the information also includes credit card numbers and expiration dates. What’s worse is that the unauthorized access had been going on since 2014 and that “an unauthorized party had copied and encrypted information.” The affected hotel brands were Starwood-operated properties including W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Meridien and Four Points. None of the Marriott-branded chains were breached. Likewise, Dunkin’ Donuts was the target of a cyberattack in which hackers may have tried to access their loyalty accounts. According to a letter sent to DD Perks account holders, “Although Dunkin’s internal systems did not experience a data security breach, we were informed by one of our security vendors that third-parties obtained DD Perks account holders’ usernames and passwords through other companies’ or organizations’ security breaches. “We believe that these third-parties obtained usernames and passwords from security breaches of other companies,” Dunkin’ Donuts stated in the letter. “These individuals then used the usernames and passwords to try to break in to various online accounts across the Internet.” Dunkin’ Donuts and Marriott are both beloved brands, and the doughnut maker, in particular, enjoys an iconic status among New Englanders. Both will need to make a priority, though, of protecting their customers from whatever the intentions the nefarious forces at the center of these violations have for their information. In 2018, cybersecurity must play a major role in the day-today operations of businesses in most every industry, including the hospitality and restaurant industries. Punishment for those engaged in the practice of stealing personal information must be harsh. This problem is going to get worse before it gets better, and our elected leaders must not get caught flat-footed.