Are you a person of interest???
This is Part II of a two-part blog post.
The massive Marriott/Starwood breach in which 500 million consumers were affected has obvious cybersecurity and privacy ramifications. It also has another rather dark underside.
The breach is believed to be state-sponsored. The state-sponsored hackers are the same ones believed to be involved in other alarmingly large breaches, such as the Anthem breach and the Office of Personnel Management breach. These records aren’t currently for sale on the dark web. Why? Because the data is likely being used to seed a data warehouse of identity details for large-scale nefarious data mining.
Unfriendly nation-states can use the incredibly detailed identity analytics from these breaches to profile you. And, if you are a person of interest, don’t think that they can’t use this information to compromise you.
For some 327 million of the guests, the breach contains detailed information that includes some combination of a name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
What can you expect? What can you do?
- Immediately change your Starwood/Marriott password to a unique, complex password not used anywhere else
- If you reused the breached password on any other site, immediately change it to a unique, complex password you haven’t used (and won’t use) anywhere else
- When possible, choose two-factor or multifactor authentication for the goods, services, applications and resources that provide that option. It will reduce the chance of impersonation.
- Leverage a reputable password vault as a store for your unique, complex passwords
- Expect new and better (more detailed) phishing attacks built from the PII details extracted from the breached database
- Expect nation-states to potentially use this information as leverage if you are a person of interest to them
Your corporate data is at risk, your customer PII data is at risk, your administrative credentials are at risk. Passwords alone are not enough.
Multifactor authentication (MFA) is one of the best methods to protect against online phishing, fraud, impersonation, man-in-the-middle attacks and more.
To have some semblance of a proper security posture, you must assume you are already breached. You should feel some urgency to aggressively defend your user base. MFA doesn’t have to be difficult to implement.
Optimal IdM has a robust MFA offering that has been named “Best Multifactor Authentication Solution” in the 2017 Government Security News (GSN) Homeland Security Awards (HSA) Program under the Cyber Security Products and Solutions category. Contact us at firstname.lastname@example.org for more information.
Optimal IdM offers on-premises, hybrid and dedicated, single tenant cloud solutions. We can have most customers up and running within a few days — sometimes in just a few hours. Optimal IdM supports encryption both in transit and at rest. We provide a full identity solution with concierge services — no federation expertise or specialized skills needed by you. We’ll bring our expertise to your identity issues and help future proof your investment.
For more details, contact us to talk through your project at email@example.com.