Description
Case Summary:
In 2018, Marriott International announced a data breach that affected up to 500 million guests. The breach originated from Starwood Hotels, which Marriott had acquired in 2016. Attackers had already compromised Starwood’s guest reservation database before the acquisition and continued to have access to it even after the merger. The stolen data included names, addresses, phone numbers, email addresses, passport numbers, and encrypted payment information.
Key Questions for Analysis:
1. How did the attackers manage to stay undetected even after Marriott’s acquisition of Starwood?
2. What role did due diligence during mergers and acquisitions (M&A) play in this breach?
3. Analyze the importance of continuous monitoring for threats within acquired assets and systems.
4. What steps could Marriott have taken during the M&A process to detect and mitigate the breach earlier?
5. Critique Marriott’s data protection policies and the security of sensitive personal data.
The answer must be within 8 pages with references.
