Connect with us

Technology

Espionage, ID theft? Myriad risks from stolen Marriott data

Editor

Published

on

[ad_1]

The data stolen from the Marriott hotel empire in a massive breach is so rich and specific it could be used for espionage, identity theft, reputational attacks and even home burglaries, security experts say.

Hackers stole data on as many as 500 million guests of former Starwood chain properties over four years including credit card and passport numbers, birthdates, phone numbers and hotel arrival and departure dates.

It is one of the biggest data breaches on record. By comparison, last year’s Equifax hack affected more than 145 million people. A Target breach in 2013 affected more than 41 million payment card accounts and exposed contact information for more than 60 million customers.

But the target here — hotels where high-stakes business deals, romantic trysts and espionage are daily currency — makes the data gathered especially sensitive.

The affected reservation system could be extremely enticing to nation-state spies interested in the travels of military and senior government officials, said Jesse Varsalone, a University of Maryland cybersecurity expert.

Watch: Data breach affects up to 500M Marriott Hotel guests

The Marriott hotel chain says up to half a billion people who stayed at Starwood hotels between 2014 and 2018 may have had their personal information stolen. 1:47

“There are just so many things you can extrapolate from people staying at hotels,” he said.

And because the data included reservations for future stays, along with home addresses, burglars could learn when someone wouldn’t be home, said Scott Grissom of LegalShield, a provider of legal services.

The affected hotel brands were operated by Starwood before it was acquired by Marriott in 2016. They include W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Meridien and Four Points. Starwood-branded timeshare properties were also affected. None of the Marriott-branded chains were threatened.

‘Marriott may never share their findings openly’

Email notifications for those who may have been affected begin rolling out Friday and the full scope of the breach was not immediately clear.

Marriott was trying to determine if the purloined records included duplicates, such as a single person staying multiple times.

Security analysts were especially alarmed to learn of the breach’s undetected longevity. Marriott said it first detected it Sept. 8 but was unable to determine until last week what data had possibly been exposed — because the thieves used encryption to remove it in order to avoid detection.

Marriott said it did not yet know how many credit card numbers might have been stolen. A spokesperson said Saturday that it was not yet able to respond to questions such as whether the intrusion and data theft was committed by a single or multiple groups. (Matt Rourke/Associated Press)

Marriott said it did not yet know how many credit card numbers might have been stolen. A spokesperson said Saturday that it was not yet able to respond to questions such as whether the intrusion and data theft was committed by a single or multiple groups.

Cybersecurity expert Andrei Barysevich of Recorded Future said Saturday he believed the breach was financially motivated.

We will have to wait until an official forensic report, although Marriott may never share their findings openly– Cybersecurity expert Andrei Barysevich

A cybercrime gang expert in credit card theft such as the eastern European group known as Fin7 could be a suspect, he said, noting that a dark web credit card vendor recently announced that 2.6 million cards stolen from an unnamed hotel chain would soon be available to the online criminal underworld.

“We will have to wait until an official forensic report, although Marriott may never share their findings openly,” he said.

Marriott said the stolen credit card information was encrypted but the hackers may have obtained the “two components needed to decrypt the payment card numbers.” It said it cannot “rule out the possibility that both were taken.”

For as many as two-thirds of those affected, the exposed data could include mailing addresses, phone numbers, email addresses and passport numbers. Also dates of birth, gender, reservation dates, arrival and departure times and Starwood Preferred Guest account information.

Theft of passport numbers a concern

The breach of personal information could put Marriott in violation of new European privacy laws, as guests included European travellers.

Marriott set up a website and call centre for customers who believe they are at risk.

The FBI would not say whether it is investigating, but said in a statement that anyone contacted by Marriott should “take steps to monitor and safeguard their personally identifiable information and report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at www.ic3.gov.”

Passport numbers have previously been part of a hack, though it’s not common. They were among records on 9.4 million passengers of Hong Kong-based airline Cathay Pacific obtained in a breach announced in October.

Combined with names, addresses and other personal information, passport numbers are a greater concern than stolen credit card numbers because thieves could use them to open fraudulent accounts, said analyst Ted Rossman of CreditCards.com.

The data purloining highlights just how dangerous hotels can be for people worried about their privacy.

“Hotels have long been important government sources of local information for tracking foreigners: reservation systems and loyalty programs took the surveillance global and made it easier for us to give up our privacy,” said Colin Bastable, CEO of Lucy Security.

Consumers have become collateral damage… And we are all consumers– Colin Bastable, CEO of Lucy Security

Intelligence agencies including the U.S. National Security are well plugged into the global travel industry “by fair means or foul,” he said, non-government cybercriminals now have the same hacking tools.

“Consumers have become collateral damage,” he said. “And we are all consumers.” He advises providing hotels with as little information as possible when making reservations and checking in.

Last year, the cybersecurity firm FireEye highlighted an effort in which Russian state agents allegedly tried to infiltrate the reservation systems of hotels in Europe and the Middle East.

When its acquisition by Marriot was first announced in 2015, Starwood had 21 million people in its loyalty program. The company manages more than 6,700 properties across the globe, most in North America.

Marriott, based in Bethesda, Md., said in a regulatory filing that it was too early to say what financial impact the breach might have on the company. It said it has cyber insurance and is working with its carriers to assess coverage. (Danny Johnston/Associated Press)

Marriott, based in Bethesda, Md., said in a regulatory filing that it was too early to say what financial impact the breach might have on the company. It said it has cyber insurance and is working with its carriers to assess coverage.

Elected officials were quick to call for action.

The New York attorney general opened an investigation.

Virginia Sen. Mark Warner said the U.S. needs laws that limit the data companies can collect on customers and ensure that companies account for security costs rather than making consumers “shoulder the burden and harms resulting from these lapses.”

[ad_2]

Source link

قالب وردپرس

Technology

The ‘Maple Majestic’ wants to be Canada’s homegrown Tesla

Editor

Published

on

By

Look out Tesla, Canada has a homegrown electric sedan on the way. Well, that’s if AK International Motor Corporation can drum up enough investment to make its EV a reality. Dubbed the “Maple Majestic,” the vehicle is a battery-electric designed to “excel in extreme climate performance without adversely affecting the climate, as befits a vehicle from Canada,” according to its website.

What’s in a name? — The company says the maple leaf is a “symbol of Canada’s warmth and friendliness towards all cultures,” while “majestic” refers to the country’s “status as a Constitutional Monarchy.”

That patriotism carries over into Maple Majestic’s parent company’s lofty goals. AK Motor founder Arkadiusz Kaminski says he wants the company, which he founded in 2012, to become “Canada’s first multi-brand automotive OEM,” and that the “Maple Majestic is intended to be Canada’s flagship brand of automobiles on the world stage.”

Partnerships are key — “We acknowledge that the best chance for the Maple Majestic brand to succeed, lies in continuing to build the relationship with Canada’s parts suppliers and technological innovators, whether they be academic institutions, corporations, or individual inventors,” the company explains. “We are currently seeking partners in automotive engineering, parts manufacturing, automotive assembly, electric propulsion technology, battery technology, autonomous technology, and hybrid power generation technology.”

In other words, don’t expect to be able to buy a Maple Majestic any time soon… and don’t expect to pour over 0-60 mph times, power output, range, or other key stats, because those don’t currently exist. For now, all we have are pictures and a short video clip. But at least those are arresting.

Continue Reading

Technology

PE-backed Quorum Software to merge with Canadian energy tech firm

Editor

Published

on

By

Houston-based energy technology company Quorum Software will merge with a Canadian tech firm to bolster its presence in oil and gas services.

Quorum announced Feb. 15 it plans to merge with Calgary, Alberta-based Aucerna, a global provider of planning, execution and reserves software for the energy sector. The combined firm will operate under the Quorum Software brand.

Gene Austin, CEO of Quorum Software, will continue in his capacity as chief executive of the combined firm. Austin, former CEO of Austin-based marketing tech firm Bazaarvoice Inc., became CEO of Quorum in December 2018.

Aucerna co-founder and CEO Wayne Sim will be appointed to the Quorum Software board of directors. Both companies are backed by San Francisco- and Chicago-based private equity firm Thoma Bravo.

“Over the last 20 years, Quorum has become the leading innovator of software deployed by North American energy companies,” said Austin. “Today, Quorum is expanding the scope of our technology and expertise to all energy-producing regions of the globe. Customers everywhere will have access to a cloud technology ecosystem that connects decision-ready data from operations to the boardroom.”

In addition to the merger announcement, Quorum Software announced it had entered into an agreement with Finnish IT firm TietoEvry to purchase TietoEvry’s entire oil and gas business. The agreement, which includes hydrocarbon management, personnel and material logistics software and related services, is valued at 155 million euros, or $188 million, according to a statement from TietoEvry.

“Our three organizations complement each other — from the software that our great people design to the energy markets where we operate,” said Sim. “Our new company will be able to deliver value to our stakeholders, while accelerating the growth of our combined business and the energy industry’s software transformation.”

The combined company will serve over 1,800 energy companies in 55 countries, according to the announcement. With its headquarters in Houston, Quorum will continue to have a significant presence in Calgary and in Norway, the headquarters for TietoEvry’s oil and gas software business. Quorum will have other offices throughout North America, Latin America, Europe, Asia and the Middle East.

As of Sept. 30, 2020, private equity firm Thoma Bravo had more than $73 billion in assets under management. In late December 2020, Thoma Bravo agreed to acquire Richardson, Texas-based tech firm RealPage in a roughly $10 billion acquisition.

Continue Reading

Technology

Piece of Kitchener technology lands on Mars on Perseverance rover

Editor

Published

on

By

KITCHENER — A piece of Kitchener technology has landed on Mars, thanks to NASA’s Perseverance rover.

The rover settled on the planet’s surface on Thursday afternoon. It’s been travelling through space since it was launched from Cape Canaveral, Fla. in July.

“The whole idea of being on a device that we’re sending to another plant with the express mission of looking for traces of past life, it’s pretty mind boggling actually,” said Rafal Pawluczyk, chief technical officer for FiberTech Optica.

The Kitchener-based company made fibre optic cables for the rover’s SuperCam that will examine samples with a camera, laser and spectrometers.

“The cables that we built take the light from that multiplexer and deliver it to each spectrograph,” Pawluczyk said.

The cables connect a device on the rover to the SuperCam, which will be used to examine rock and soil samples, to spectrometers. They’ll relay information from one device to another.

The project started four years ago with a connection to Los Alamos National Lab, where the instruments connected to the cables were developed.

“We could actually demonstrate we can design something that will meet their really hard engineering requirements,” Pawluczyk said.

The Jezero Crater is where the Perseverance rover, with FiberTech Optica’s technology onboard, landed Thursday. Scientists believe it was once flooded with water and is the best bet for finding any evidence of life. FiberTech’s cables will help that in that search.

Ioannis Haranas, an astrophysicist and professor at Wilfrid Laurier University, said the rover isn’t looking for “green men.”

“They’re looking for microbial, single-cell life, any type of fossils and stuff like that,” Haranas said. “That’s why they chose a special landing site. This could be very fertile land for that.”

“It’s very ambitious,” said Ralf Gellert, a physics professor at the University of Guelph.

Gellert helped with previous rover missions and said it’s the first time a Mars rover has landed without a piece of Guelph technology on it. While he’s not part of Perseverance’s mission, he said the possibilities are exciting.

“Every new landing site is a new piece of the puzzle that you can put together with the new results that we have from the other landing sites,” he said.

“It’s scientifically very interesting because, even though we don’t have an instrument on that rover, we can compare what the new rover Perseverance finds at this new landing site,” he said.

Now that Perseverance has landed on Mars, FiberTech is looking ahead to its next possible mission into space.

Continue Reading

Chat

Trending