Marriott Breach: the Cyber Risk of Acquisitions

This article is written based on CMMC version 1.0, and may not reflect the updated requirements of CMMC 2.0.


Will this be the breach that further amplifies the kinds of cyber risk organizations inherit when they acquire another organization?

If you haven’t heard, Marriott International recently reported that it suffered a data breach of potentially 500 million guests.

Marriott has been known as a very good hotel chain when it comes to protecting consumer data. It’s a shame to hear so many guests may have had their information exposed.

According to Marriott, a reported 327 million guests had their names, phone numbers, email addresses, passport numbers, dates of birth, and arrival and departure information accessed.

For millions of others, credit card numbers and card expiration dates were potentially compromised as well.

Wait, the breach occurred in…Starwood’s Systems?

For those not aware, Starwood is a relatively recent acquisition (2016) of the hotel chain behemoth Marriott International.

As it turns out, the data breach has been identified as reaching as far back as 2014. The cyber-criminals appear to have had access to much, if not all, of Starwood’s guest infrastructure.

The lesson learned here: Marriott has not reported a guest data breach in the past. Once it merged with Starwood, a nearly 5-year-old exploited vulnerability was discovered, resulting in one of the largest breaches we have ever heard about.

Mergers & Acquisitions aren’t just about performance, profitability, and assets to acquire.

Cyber risk is assumed when the acquiring company buys the target company. Without the proper assessment, your company could be acquiring a ticking time-bomb of cyber-insecurity.

How damaging can cyber breaches and cyber risk be within acquisitions? As a refresher, Verizon got a sizable discount on Yahoo! Also, read what Mashable had to say about the FedEx/Bongo International fiasco.

Fortunately, there are companies like Beryllium InfoSec Collaborative that can help to mitigate this factor in the mergers and acquisitions process, to ensure that your company’s newest acquisition doesn’t become your biggest loss.

To learn more, visit our contact us page and get the conversation started!

Derek White
Chief Product Officer
Derek’s success comes from his customer-first mentality, utilizing collaboration between security and technology to create positive outcomes and compliant solutions.
