On December 17, 2018, local time in Chicago, Marriott International Group stated that the private data of 500 million guests may have been stolen by hackers.

Among them, the compromised data of 327 million guests included:

  • name
  • telephone number
  • passport number
  • email address
  • account number
  • arrival and departure information

Some credit card numbers have also been leaked, which means that once the information is decoded, it will expose the guests to a series of unpredictable risks.

After the incident, the Marriott Group issued an official statement, which mainly said that Marriott:

  1. Reported the incident to the public and admitted that there had been unauthorized third-party access to the Starwood network since 2014.
  2. Reported the incident to law enforcement and relevant regulatory authorities. Established a dedicated website and a call center to provide aftercare service for consumers worldwide.
  3. Emailed each consumer (who had previously registered an email address) about the incident and the remedial measures. Provided one year of free enrollment in WebWatcher, a tool that constantly monitors the risk of any data breach.
  4. Would gradually phase out the current database management system (DBMS).

This statement offered the public an apology and a series of remedies from Marriott. However, in terms of user information management (UIM), we can see that Marriott lacked a strong awareness of network security and was not capable enough of dealing with network crises when they happen. The lack of effective countermeasures against network attacks left Marriott trapped in this network crisis for several years.

In the hotel industry, the leakage of user information has already become extremely frequent. It is necessary to establish an absolute legal bottom line for UIM. The star rating criteria for the hotel industry should also take the level of database protection into account.

About Luyue ZHANG