BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

What Are Your Company’s Responsibilities Following a Data Breach?

Learn from Marriott’s Example: Notification Responsibilities After a Data Breach

Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. Know the laws in your state.  

Cyberbreach Marriott

To answer this question, let’s start with the example experienced by Marriot International recently when a breach exposed the social security numbers of the hotel chain’s associates. Then, we’ll look at the federal and state requirements for notifying those impacted by a breach that involved their data.

How Did Marriott International Employees Fall Victim to a Data Breach?

Marriott International told some of its employees that their social security numbers (SSNs) had been exposed to an unknown person. The risk came from a vendor that handled documents for the hotel chain.

On September 4, 2019, Marriott found out that someone access information recorded on those documents, which included subpoenas and court documents. The notification, which came two months after the incident, merely stated that someone may have accessed the records, which is all hotel representatives claim to know. The potential breach impacts over 1,500 Marriott employees. On October 30, the hotel started sending notifications via regular mail for anyone it hadn’t been able to find.

Those impacted will receive free credit monitoring as well as identity theft protection for one year at the company’s expense. Notification and credit monitoring services are part of recent data breach laws, but one must wonder what took Marriot so long to notify the victims.

Why Did Marriott Have a Difficult Time Finding Victims?

Marriott received a list of those impacted, but most had no address. This may be the most significant factor in the delay. And, it’s not an unusual one. Company records breached by hackers may be incomplete in the best of circumstances, and this information was sitting in several external systems.

The unnamed firm said all Marriott employee data was deleted from its system. One of the problems in cases like this is storing data in multiple systems, which increases the risk of theft and data breaches. Marriott no longer partners with the vendor.

What Are Your Company’s Responsibilities in Case of a Data Breach?

The FTC recommends following these steps, some of which are legally required.

Secure your Operations

Move quickly to take whatever steps are needed to secure your systems. Otherwise, your data breach can result in a series of breaches. Mobilize or form a breach response team to shore up your network against further loss.

Fix Vulnerabilities

As part of the fix, you need to anticipate questions that clients, associates and the authorities may have. Put together clear questions and answers to post on your website. Direct communication may ease frustration and concerns, especially if it takes some time to identify those impacted, as in the Marriott cases.

Work with forensic experts to track to determine what records were at risk.

Notification

Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. You must notify the affected parties when personal information is involved. Check the laws in your state as well as the federal laws and consult with your legal team regarding your responsibilities.

More Like This

What Are the Key Differences Between IT Services and Consulting?

What Are the Key Differences Between IT Services and Consulting? When business leaders create annual budgets, IT typically ranks among the top investments. More than $4 trillion was spent globally in 2019, and the average company funneled 8.2 percent of its total revenue into IT. The primary focus for too many companies was IT services, …

What Are the Key Differences Between IT Services and Consulting? Read More »

Read More

AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

Original release date: January 8, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This Alert is a companion alert to AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations. AA20-352A …

AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments Read More »

Read More

Microsoft Makes Anti-Spam Changes

Microsoft Makes Anti-Spam Changes The year 2020 is not the only thing that is coming to an end. Microsoft is slowly rolling out changes meant to deter spam. This is causing some features to come to an end and changing the way a few Microsoft products, most notably email, is used. As a business owner, …

Microsoft Makes Anti-Spam Changes Read More »

Read More

AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

Original release date: December 17, 2020<br/><h3>Summary</h3><p class=”tip-intro” style=”font-size: 15px;”><em>This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&amp;CK®) version 8 framework. See the <a href=”https://attack.mitre.org/versions/v8/”>ATT&amp;CK for Enterprise version 8</a> for all referenced threat actor tactics and techniques.</em></p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical …

AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations Read More »

Read More

Top 15 Microsoft Teams Tips and Tricks

Top 15 Microsoft Teams Tips and Tricks Microsoft Teams is one of the most popular and influential digital team-building solutions available for startups and business teams of any size. Using Microsoft Teams as your company’s preferred collaboration tool provides access to myriad features, from private messaging and group chats to file and document-sharing. With a …

Top 15 Microsoft Teams Tips and Tricks Read More »

Read More

9 Meeting Tips for Using Microsoft Teams

9 Meeting Tips for Using Microsoft Teams Microsoft Teams is a simple, yet effective tool for hosting meetings. It has both audio and video capabilities as well as a chat feature. It can handle conference calls and one on one meetings, with members of your organization as well as guests. Plus, it has a convenient …

9 Meeting Tips for Using Microsoft Teams Read More »

Read More