Marriott breach losses could reach $600m – The Royal Gazette | Bermuda News, Business, Sports, Events, & Community

Log In

Reset Password

Marriott breach losses could reach $600m

Catastrophe risk modelling firm AIR Worldwide estimates that the direct cyberincident losses for the Marriott breach will be between $200 million and $600 million.

AIR's loss estimates are based on the assumption that 500 million records were stolen, as Marriott has reported.

This month, Marriott said that in early September it received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database. Marriott engaged leading security experts to help determine what occurred. It learnt that there had been unauthorised access to the Starwood network since 2014. Marriott recently discovered that an unauthorised party had copied and encrypted information and took steps towards removing it.

Last month, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database.

AIR said the range of loss estimates it has announced reflect the uncertainty about the data that was stolen, such as whether an encryption key has also been stolen along with encrypted credit card data; and said there is additional uncertainty, as some of the records may be duplicates.

Scott Stransky, assistant vice-president and director of emerging risk modelling, AIR Worldwide, said: “AIR's new probabilistic security breach model shows that this type of event is not unprecedented, even though an event of this magnitude hasn't previously happened to a hotel chain.

“In fact, the largest recorded breach for a US-based hotel chain prior to this event was less than 1/50 the size in terms of the number of records stolen. There are more than 300 simulated events in our model that cause higher losses for US-based hotels.”

AIR's loss estimates are based on an analysis performed using its Cyber Model. These estimates are subject to uncertainty and are not based on actual policy or loss data reported by Marriott. AIR said the net financial impact to Marriott will be partially mitigated by the cyberinsurance and other liability insurance coverage they reportedly have, which are not accounted for in these estimated losses.

Costly incident: it is estimated the massive data breach at Marriott could result in losses of between $200 million and $600 million

You must be Registered or to post comment or to vote.

Published December 20, 2018 at 8:00 am (Updated December 19, 2018 at 11:56 pm)

Marriott breach losses could reach $600m

What you
Need to
1. For a smooth experience with our commenting system we recommend that you use Internet Explorer 10 or higher, Firefox or Chrome Browsers. Additionally please clear both your browser's cache and cookies - How do I clear my cache and cookies?
2. Please respect the use of this community forum and its users.
3. Any poster that insults, threatens or verbally abuses another member, uses defamatory language, or deliberately disrupts discussions will be banned.
4. Users who violate the Terms of Service or any commenting rules will be banned.
5. Please stay on topic. "Trolling" to incite emotional responses and disrupt conversations will be deleted.
6. To understand further what is and isn't allowed and the actions we may take, please read our Terms of Service
7. To report breaches of the Terms of Service use the flag icon