CDF 290 Legal Aspects of Cyber Security

Beginning in 2014, malware infected the reservation system of Starwood Hotels, which included Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft and St. Regis.� Then, in 2016, Marriott Hotels acquired Starwood. In November 2018, Marriott discovered and revealed the four-year hacking campaign that attacked Starwood's reservation database.A total of 383 million guests were eventually determined to have been affected. The data breach related in the theft of names, addresses, phone numbers, credit card information, email addresses, and millions of unencrypted passport numbers. The Data Breach has arguably subjected Starwood to legal liability both in the US (data breach and breach notification laws) and in the EU (the EU General Data Protection Regulation �GDPR).

Starwood, a subsidiary of Marriott International, suffered a data security breach in 2018 that exposed the personal and financial information of millions of its customers. The breach involved the unauthorized access to Starwood's guest reservation database, which contained information such as names, addresses, phone numbers, email addresses, passport numbers, and credit card numbers of guests who had stayed at Starwood hotels.

Several technologies and practices could have been applied to prevent or mitigate the impact of this data security breach, including:

1. Encryption: The use of encryption can help to protect sensitive data from unauthorized access. Starwood could have implemented encryption for the guest reservation database, making it more difficult for hackers to steal the data even if they gained access to the database.

2. Multi-Factor Authentication (MFA): MFA is a security method that requires users to provide two or more forms of authentication to gain access to a system. Starwood could have implemented MFA for its systems to ensure that only authorized personnel could access sensitive data.