BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

What Are Your Company’s Responsibilities Following a Data Breach?

Learn from Marriott’s Example: Notification Responsibilities After a Data Breach

Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. Know the laws in your state.  

Cyberbreach Marriott

To answer this question, let’s start with the example experienced by Marriot International recently when a breach exposed the social security numbers of the hotel chain’s associates. Then, we’ll look at the federal and state requirements for notifying those impacted by a breach that involved their data.

How Did Marriott International Employees Fall Victim to a Data Breach?

Marriott International told some of its employees that their social security numbers (SSNs) had been exposed to an unknown person. The risk came from a vendor that handled documents for the hotel chain.

On September 4, 2019, Marriott found out that someone access information recorded on those documents, which included subpoenas and court documents. The notification, which came two months after the incident, merely stated that someone may have accessed the records, which is all hotel representatives claim to know. The potential breach impacts over 1,500 Marriott employees. On October 30, the hotel started sending notifications via regular mail for anyone it hadn’t been able to find.

Those impacted will receive free credit monitoring as well as identity theft protection for one year at the company’s expense. Notification and credit monitoring services are part of recent data breach laws, but one must wonder what took Marriot so long to notify the victims.

Why Did Marriott Have a Difficult Time Finding Victims?

Marriott received a list of those impacted, but most had no address. This may be the most significant factor in the delay. And, it’s not an unusual one. Company records breached by hackers may be incomplete in the best of circumstances, and this information was sitting in several external systems.

The unnamed firm said all Marriott employee data was deleted from its system. One of the problems in cases like this is storing data in multiple systems, which increases the risk of theft and data breaches. Marriott no longer partners with the vendor.

What Are Your Company’s Responsibilities in Case of a Data Breach?

The FTC recommends following these steps, some of which are legally required.

Secure your Operations

Move quickly to take whatever steps are needed to secure your systems. Otherwise, your data breach can result in a series of breaches. Mobilize or form a breach response team to shore up your network against further loss.

Fix Vulnerabilities

As part of the fix, you need to anticipate questions that clients, associates and the authorities may have. Put together clear questions and answers to post on your website. Direct communication may ease frustration and concerns, especially if it takes some time to identify those impacted, as in the Marriott cases.

Work with forensic experts to track to determine what records were at risk.

Notification

Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. You must notify the affected parties when personal information is involved. Check the laws in your state as well as the federal laws and consult with your legal team regarding your responsibilities.

More Like This

AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

Original release date: December 2, 2021 Summary This joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise framework for referenced threat actor techniques and for mitigations. This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI) and …

AA21-336A: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus Read More »

Read More

Microsoft & Meta Partner to Integrate Teams and Workplace for Easier Collaboration

Microsoft & Meta Partner to Integrate Teams and Workplace for Easier Collaboration Competing Social Software Giants Offer Customer-Requested Consolidation of the Two Applications’ Best Features Workplace stated in May 2021 that it has reached a milestone of 7 million paying members. Microsoft similarly revealed later that July that its Teams platform had 250 million unique …

Microsoft & Meta Partner to Integrate Teams and Workplace for Easier Collaboration Read More »

Read More

AA21-321A: Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

Original release date: November 17, 2021 Summary Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity • Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591. • Implement multi-factor authentication. • Use strong, unique passwords. Note: this advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, …

AA21-321A: Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities Read More »

Read More

How to Pick the Ideal Unified Endpoint Management Platform

Picking the Ideal Unified Endpoint Management Platform Unified endpoint management (UEM) software plays an important role in today’s business world, thanks to significant technological advancements. Over the years, endpoint devices have become more data-intensive, connected, and ubiquitous, despite the security risks associated with the software. Thus, proper management of the devices is a top priority …

How to Pick the Ideal Unified Endpoint Management Platform Read More »

Read More

Windows 11 Tips: How to Get Things Done More Effectively

Windows 11 Tips: How to Get Things Done More Effectively Windows 11 comes with a slick redesign and a comprehensive selection of new features. Although it shares many similarities with Windows 10, the new OS introduces groundbreaking features like Android app integration. The best part is that the operating system brings balance to your personal …

Windows 11 Tips: How to Get Things Done More Effectively Read More »

Read More

A Quintessential Guide to Windows 11 Tips and News

A Quintessential Guide to Windows 11 Tips and News Windows 11 introduces a wide selection of interesting new features capable of transforming the user experience. In addition, the operating system comes with a streamlined design, Android apps integration capabilities, a built-in Microsoft Teams conferencing application, and other notable features. Examples of features that you can …

A Quintessential Guide to Windows 11 Tips and News Read More »

Read More