A brief look into the Marriott breach of 2020.
Marriott International, Inc. is an American multinational diversified hospitality company that manages and franchises a broad range of hotels and lodging facilities. On March 31st, 2020, Marriott reported a Security breach stating that they had learned of the breach at the end of February when they learned that two of their employees had been compromised, but the breach dated back to January of 2020. Though the identity of the intruder(s) remains unknown, the breach affected 5.2 million guests of the hotel who made use of their loyalty application. The intruder(s) had direct access to the Marriott Bonvoy loyalty data which contains personal and confidential information of the guests. The intruder gained access into the back end systems of Marriott by using login credentials of two of its employees at one of its franchise properties to gain access to customer’s information. In response to the attack, Marriott launched a web portal where their users could check if they were one of those affected by the security breach. The technique used in this breach was through impersonation of employees and this could have been prevented by enabling access control and management, multi- factor authentication such as fingerprints, retina scans, voice recognition among others to avoid breach to sensitive systems.