Articles

Marriott Breach: the Cyber Risk of Acquisitions

Derek White
Director of Business Development
This article is written based on CMMC version 1.02, and may not reflect the updated requirements of CMMC 2.0.

For the latest information on CMMC 2.0, please click here.

Will this be the breach that further amplifies the kinds of cyber risk organizations inherit when they acquire another organization?

If you haven’t heard, Marriott International recently reported that it suffered a data breach of potentially 500 million guests.

Marriott has been known as a very good hotel chain when it comes to protecting consumer data. It’s a shame to hear so many guests may have had their information exposed.

According to Marriott, a reported 327 million guests had their their names, phone numbers, email addresses, passport numbers, date of birth, arrival and departure information accessed.

For millions of others, credit card numbers and card expiration dates were potentially compromised as well.

Wait, the breach occurred in…Starwood’s Systems?

For those not aware, Starwood is a relatively new acquisition to the hotel chain behemoth Marriott International (2016).

As it turns out, the data breach is identified as reaching as far back as 2014. The cyber-criminals appear to have had much, if not all, of Starwood’s guest infrastructure.

The lesson learned here: Marriott has not reported a guest data breach in the past. Once it merges with Starwood, a nearly 5 year old exploited vulnerability is  discovered, which results in one of the largest breaches we have ever heard about.

Mergers & Acquisitions aren’t just about performance, profitability, and assets to acquire.

Cyber risk is assumed when the acquiring company buys the target company. Without the proper assessment, your company could be acquiring a ticking time-bomb of cyber-insecurity.

How damaging can cyber breaches and cyber risk be within acquisitions? As a refresher, Verizon got a sizable discount on Yahoo! Also, read what Mashable had to say about the FedEx/Bongo International fiasco.

Fortunately, there are companies like cuick trac™ that can help to mitigate this factor in the mergers and acquisitions process, to ensure that your company’s newest acquisition doesn’t become your biggest loss.

To learn more, visit our contact us page and get the conversation started!

Derek White
Director of Business Development
Derek’s success comes from his customer first mentality, utilizing collaboration between security and technology, to create positive outcomes & compliant solutions.
Part of the most relevant industry groups and committees

Get a 30-minute demo from a cuick trac™ product expert

You've made it this far, now let us show you why cuick trac™ will be the smartest decision you'll make this year.

Schedule a quick product tour
See how we can secure your CUI in less time, with less effort, and more features than any other DFARS compliance products in the market.