weerapat1003 - stock.adobe.com

Marriott data breach losses could be over half a billion dollars

Direct losses related to a huge data breach at US hotel group could reach $600m

The data breach at Marriott International could cost the hotel group as much as $600m, according to risk modelling firm AIR Worldwide.

AIR said the cyber security breach in November this year, which resulted in half a billion customer records being compromised, will have direct costs of between $200m and $600m.

Its estimate is based on the premise that 500 million records were breached and includes first- and third-party losses directly related to the breach, such as notification costs, forensics, credit monitoring, replacement of credit cards and setting up a call centre. It does not include potential fines related to the General Data Protection Regulation (GDPR) as well as reputational loss, business interruption and decrease of stock price.

“AIR’s new probabilistic security breach model shows that this type of event is not unprecedented, even though an event of this magnitude hasn’t previously happened to a hotel chain,” said Scott Stransky, director of emerging risk modeling at AIR Worldwide. “In fact, the largest recorded breach for a US-based hotel chain prior to this event was less than one-fiftieth of the size in terms of the number of records stolen.”

Last month, Marriott International said it had taken measures to investigate and address the security incident affecting reservations at its Starwood properties between 2014 and 10 September 2018.  

AIR said the loss estimates are based on an analysis performed using its Cyber Model. “These estimates are subject to uncertainty and are not based on actual policy or loss data reported by Marriott,” it said. “The net financial impact to Marriott will be partially mitigated by the cyber insurance and other liability insurance coverage it reportedly has, which are not accounted for in these estimated losses.”

Read more about data breaches

Read more on Data breach incident management and recovery

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close