
19CSE311 Computer Security Case Study

Marriott Starwood Data Breach

TEAM DETAILS : Group 8

S.No  Roll No.          Name
1.    CB.EN.U4CSE20009  S Arjhun
2.    CB.EN.U4CSE20019  Dommeti Surya Vamsi
3.    CB.EN.U4CSE20029  Kaki Sri Satvika
4.    CB.EN.U4CSE20039  Meenakshi P
5.    CB.EN.U4CSE20050  Pranav M
6.    CB.EN.U4CSE20072  Yadava Krishnaa P

Introduction:

In September 2018, one of the major data breaches, the Marriott-Starwood data breach incident, occurred.
This case study covers the details of the incident: how it happened, when it happened, and the reason
behind the attack.

1.1 Incident Background:

The Marriott-Starwood data breach happened in September 2018. It mainly impacted the top-class
customers of Marriott International, i.e. the Starwood guest reservation database. The database consists
of personal information from the Starwood guest list. Marriott International has over 500 million
customers among its Starwood guests, whose details were leaked.

1.2 Method of Attack and Timing:

The hackers used sophisticated techniques for this cyber-attack. They used sneaky tactics and special
software to get into the Marriott network without permission. They stayed in the network for a very long
period of time and got access to a lot of data. There are no exact details of when the breach happened,
but it is estimated to have taken place around 2014, and it was discovered during a routine security
check.

1.3 Motive behind the Attack:

The Marriott-Starwood breach happened because the attackers wanted information. People suspect Chinese
intelligence of this attack, but it is not clear why they wanted it. They might have used the stolen
information for spying, to steal identities, or as leverage in future cyber attacks. They could also have
used personal information such as passport numbers for tracking the big shots or for stealing their names.

1.4 Insider vs Outsider Attack:

The Marriott-Starwood data breach was caused by an outsider attack, according to the evidence and
investigations. Hackers broke into the Starwood network. It's important to know that insiders might have
helped with the breach without realizing it or by accident. People of higher grade have been tricked into
leaking the information or making it less secure. We need to find whether it was done from inside or outside.
The Marriott-Starwood data leak shows how skilled and determined cyber attackers can be. The big leak of
money and personal information shows that we need good security and tools to find problems early and keep
important information safe.

Next, we will evaluate the harm caused by the breach, examine studies that propose solutions for
comparable attacks, and propose a new method to address the issue, highlighting its advantages over
existing methods.

Analysis of Losses:

The Marriott-Starwood data breach hurt both the company's finances and how people think about the
company. This section discusses the big losses that Marriott had because of the breach.

2.1 Financial Impact:

The data breach cost Marriott a lot of money, around $400 million. These costs included looking into what
happened, fixing the problem, and possible legal agreements. The hack drove the stock price down and caused
a huge loss to investors. A cybersecurity team was formed to find the amount of data lost and what the
security weakness was. Studying the breach needed costly professionals and resources. The purpose of the
remediation operations was to fix the problems that caused the breach.

Marriott made their data protection better, improved their cybersecurity, and added new tools to detect and
prevent threats. The hack affected Marriott's expenses and caused financial problems. The company had to
use resources and staff to handle the problems that happened after the incident. This included contacting
clients who were affected, providing services to protect against identity theft, and answering customer
questions and worries. These expenses that were incurred also contributed to the overall financial impact of
the breach.

2.2 Reputational Damage:

Marriott's name was damaged, the news spread across the media, and people became less interested in
giving information to the company. Marriott's business was negatively affected because clients lost
trust. People stopped booking rooms because they were worried about their personal information being
safe. This kept many people from staying there, the company's earnings went down, and the company had to
close because of no financial support. Regulators and data protection authorities are looking into
Marriott's security procedures and whether they follow privacy laws. If the group broke data protection
laws, they might have to pay high fines and penalties.

Marriott faced lawsuits from customers who were impacted. The lawsuits requested payment for how the
security breach impacted their personal information and the possibility of their identities being stolen. The
organization is having more financial problems because of the legal actions and payments related to these
cases. Marriott took big steps to fix things and make customers trust them again after losing money. The
security of client data was improved by strengthening the cybersecurity infrastructure, enhancing monitoring
and detection skills, and implementing additional security measures. Also, the company talked to the
impacted customers and provided help and services to avoid identity theft. Marriott worked hard to fix the
problem, protect their clients, and earn back trust.

To sum up, the Marriott-Starwood data breach incident shows that having weak cybersecurity procedures
can harm a company's reputation and finances. Marriott lost a lot of money because of the security problem.
They had to spend money on investigating, fixing the problem, paying legal fees, and other expenses. Also,
the event harmed Marriott's image, causing customers to lose trust, fewer bookings, and possible legal
consequences. It's important to have good cybersecurity measures, keep an eye on systems all the time, and
be ready for potential threats.

Research Papers Addressing Solutions to the Marriott-Starwood Data Breach:

1. Research Paper: "Overcoming data breaches and human factors in Minimizing threats."

Summary:

This research paper discusses how human factors intervene in communication networks and the critical
role they play in contributing to these vulnerabilities. It discusses the vulnerabilities and emphasises
strategies to address these threats. The paper focuses on topics such as addressing insider threats and
strengthening the communication network. It takes into consideration evolving technologies and the
challenges we face with limited resources.

Proposed Solutions:
1. End-to-end encryption: Reduce the risk of unauthorized access and data breaches by implementing
certain encryption protocols. We can use the Advanced Encryption Standard (AES) to protect confidential
data.
2. 2FA (Two-Factor Authentication): Uses two kinds of identification to access resources and data.
Providing this additional layer, such as biometric data, to access accounts helps remove the risk of
unauthorized access.
3. Implementing Endpoint Security Measures: The paper recommends implementing endpoint security
solutions such as host-based firewalls, antivirus software, and device encryption. These measures help
protect endpoints from unauthorized access and malware attacks.
4. Secure Audits: Assess the network infrastructure, which helps identify vulnerabilities in mobile
communication networks. It basically analyses threats and attacks and looks for weaknesses in any
network component.

Shortcomings:
1. As technology advances, security measures must be updated constantly, because threats keep building
up on a day-to-day basis.
2. Insider threats come from individuals, such as employees and workers, who breach sensitive
information. To prevent such insider attacks and threats, we must implement strict access control
techniques.
3. Email phishing, weak and vulnerable passwords, and downloading apps that contain malware are human
factors that lead to errors, so user-friendly security interfaces need to be created to address them.
4. This research paper focuses primarily on updates to security measures, such as creating a
user-friendly security interface, and does not address all aspects of the Marriott-Starwood breach, such
as the threats and vulnerabilities in the network.

2. Research Paper: "Prevention from unauthorized access and unclassified attack in Data
Warehouse"

Summary:

This research paper discusses the threat of various unclassified attacks and unauthorized access to data.
It delves into the impact of these attacks on data security. It also proposes a list of feasible
solutions to enhance the protection of data and mitigate attacks and breaches of data security.

Proposed Solutions:
1. IDPS (Intrusion Detection and Prevention Systems): This technique helps in analysing, detecting and
preventing attacks that are unclassified. It looks for man-in-the-middle interventions and suspicious
activities. It does this by monitoring the traffic in the network and taking corresponding actions to
prevent them.
2. End-to-end encryption and data masking: Encryption protects data from unauthorized access even when
it is compromised. Using data masking, we can create a fake yet realistic version of the organizational
data, which in turn aids in protecting confidential or sensitive data. It also acts as a functional
alternative in situations where the original data is not required, e.g. software testing.
3. User privileges and access: Provide access to the data only to authorized individuals. This can be
done by using strong passwords, updating the user permission settings, and granting users the privileges
to access sensitive or confidential data in the data warehouse only if they are authorized individuals.

Shortcomings:
1. This paper doesn't discuss the necessity of timely detection of and response to security incidents.
2. The system doesn't emphasize real-time monitoring, nor does it discuss the implications of regulatory
compliance.
3. Furthermore, it doesn't address potential vulnerabilities, insider threats, and breaches where
authorized individuals themselves misuse the privileges given to them and turn out to be a major threat
to the software security system.

3. Research Paper: "Securing Personal Data in the Hospitality Industry" by Brown et al.

Summary:

This study is about how hotels keep their customers' information safe, especially in light of the Marriott-
Starwood breach. The writers discuss how businesses struggle to keep client information safe and propose
methods to improve data security.

Proposed Solutions:
1. The article suggests using data masking techniques to protect sensitive customer data.
2. When we mask information, we hide important details. This helps keep the information safe even if
someone tries to steal it. We replace the real information with fake information that seems real.
3. The authors suggest that it is important to teach employees about how to keep data safe and the risks
involved. If employees get regular training to recognize and report suspicious activity, insider threats are
less likely to happen.
4. The report says that hotels should make sure their partners and vendors have good security practices.
This means doing regular checks, making sure security rules in contracts are followed, and evaluating
the security of vendors.

Shortcomings:
1. The research paper doesn't provide new information about the Marriott-Starwood breach because it
focuses on the bigger hospitality industry.
2. The suggested solutions mainly focus on protecting data, but they may not cover other aspects of the
breach like network security or plans for responding to incidents.

The research papers suggest ways to make network security, database security, and data protection better in
the hospitality industry. These solutions give good advice, but they may not cover all the specific
weaknesses and situations of the Marriott-Starwood data breach. Organizations should consider these
research results when creating a security plan that fits their specific settings and risks. The way to
protect data against a breach like this is to use stronger security measures.

Proposed Solution: Advanced Security Measures for Starwood Breach Mitigation

Abstract:
A complete plan has been put forward by a group of concerned academics to address this ongoing problem in
the context of the recent Marriott-Starwood information leak disaster. The suggested strategy combines
technological and organisational strategies to improve data integrity while removing any potential flaws.
This solution's goal is to replace current security measures with progressive security measures in order to
stop the potentially fatal side effects of cyberattacks.

For clarification, the suggested method advises including sophisticated security mechanisms as opposed to
relying only on remedial actions. In order to avoid such violations, it considers the system's flaws and
makes the necessary corrections. Key to our proposal is the passive authentication procedure, which
verifies user identification without user input. Advanced encryption techniques have been suggested in
order to improve the security of user information while it is being transmitted over secure channels.

In order to raise employee knowledge of data protection, the solution also places a strong emphasis on
organisational reforms. As a result, training sessions on security procedures will be launched to inform staff
members about online dangers and prudent actions to reduce security risks.

In conclusion, the suggested method offers a multidimensional strategy that emphasises organisational
changes in addition to technological ones. This concept intends to lessen the possible dangers of data
breaches encountered by various organisations by taking a proactive approach.

1. Improved Verification Methods: The deployment of complex methods of authentication, which are
strongly recommended by our system, solved the problem of authentication's weakness. The
recommended method, which we support, intends to make Multi-Factor Authentication (MFA)
implementation less difficult. One could say that this system is secure and reliable since it is supported by
well-known cryptographic protocols like PKIs, OTPs, and biometrics. Adopting MFA reduces the risks
associated with lost or stolen credentials by using a combination of several independent verification
methods to confirm user access. This strategy guarantees fewer instances of unauthorised access, which
improves the security of the system.

2. Secure Data Encryption and Tokenization: Our solution uses the Advanced Encryption Standard (AES), a
potent encryption technique, to safeguard data whether it is in transit or at rest and to uphold the
strictest level of secrecy for sensitive client information. The concept also supports the use of
tokenization techniques to replace confidential data with tokens created at random. This strategy
ensures that encrypted data will remain unintelligible to outsiders even if it is ever hacked. For perfect
security, it is strongly suggested that the tokenization and encryption processes meet industry standards
and rely on hardware-based security modules.

3. Improvement in Threat Detection and Reaction: In order to avoid security breaches, the suggested
method includes combining advanced tools for identifying and responding to possible incidents. The
solution includes the adoption of SIEM platforms, NGFW, and IDPS. Through the application of machine
learning techniques, network traffic, log files, and user behaviour are carefully analysed for identifying
flaws and noticing any symptoms of unauthorised actions. Utilising a variety of strategies guarantees
quick containment and efficient repair of security events. Security risks may be managed effectively with
the use of real-time notifications and automated incident response protocols.

4. Constant Security Auditing and Monitoring: The only way to ensure continuing security is through
consistent security monitoring and auditing procedures. Deploying Security Operations Centres (SOCs)
with SIEM systems is the suggested approach. Potential threat factors may be quickly identified by SOCs
by monitoring network traffic, log files, and important infrastructure. In addition, it is essential to carry
out frequent security audits and vulnerability assessments in order to spot holes quickly and fix them.
These steps provide the prompt identification of possible security risks and allow for the installation of
the required defences. Finally, to ensure that security measures are complete, frequent penetration testing
should be performed. By simulating actual assaults, this exercise finds any inconsistencies in the
infrastructure.

5. Employee Training and Awareness Programs: I understand how human aspects and cyberattacks are
related as a university student. Our suggested approach emphasises the importance of offering thorough
security training and awareness programmes to all workers in order to address this situation. This project
entails regular training sessions designed to educate our team on how to recognise and effectively
counteract social engineering attempts. Additionally, phishing simulations are run to give staff members
real-world training and experience. Secure coding techniques are being made available, especially to
developers. The ultimate goal is to establish an organisational culture that prioritises security and gives all
employees the tools they need to actively participate in defence against possible attacks.
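
The tokenization step in item 2 above, together with the data masking that the second and third research papers propose, as an added example that is not part of the original report: a vault swaps each sensitive field for a random look-alike value and releases the original only to an authorised role. The field names, the role name and the sample record are assumptions, and the in-memory vault stands in for the encrypted, hardware-backed store the proposal calls for.

```python
import hashlib
import hmac
import secrets
import string

SENSITIVE_FIELDS = ("passport_number", "card_number")  # assumed field names
AUTHORIZED_ROLES = {"fraud-review"}                     # hypothetical role

# Constructed sample record, not real guest data.
SAMPLE_GUEST = {"name": "A. Guest", "passport_number": "X1234567",
                "card_number": "4111111111111111", "stay_nights": 3}


def _lookalike(value):
    """Random value of the same shape: digit for digit, letter for letter."""
    return "".join(
        secrets.choice(string.digits) if ch.isdigit()
        else secrets.choice(string.ascii_uppercase) if ch.isalpha()
        else ch
        for ch in value)


class TokenVault:
    """Holds the only copy of the real values; applications store tokens."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)
        self._by_token = {}   # token -> real value (encrypted at rest in practice)
        self._by_digest = {}  # HMAC(real value) -> token, so repeats reuse a token

    def tokenize(self, value):
        if not any(ch.isdigit() or ch.isalpha() for ch in value):
            raise ValueError("nothing to randomise in value")
        digest = hmac.new(self._index_key, value.encode(), hashlib.sha256).digest()
        token = self._by_digest.get(digest)
        while token is None:
            candidate = _lookalike(value)
            # Reject the rare draw that equals the input or an issued token.
            if candidate != value and candidate not in self._by_token:
                token = candidate
                self._by_digest[digest] = token
                self._by_token[token] = value
        return token

    def detokenize(self, token, caller_role):
        if caller_role not in AUTHORIZED_ROLES:
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        return self._by_token[token]


def protect_record(record, vault):
    """Copy of the record that is safe to keep in the reservation database."""
    return {key: vault.tokenize(val) if key in SENSITIVE_FIELDS else val
            for key, val in record.items()}
```

A database holding only the output of `protect_record` exposes realistic-looking but meaningless passport and card values if it is copied; the real values can be recovered only through the vault.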
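
The log and user-behaviour analysis in item 3 above, as an added example that is not part of the original report: each database account is compared with its own history, so an account that suddenly reads far more guest records than usual stands out while a steady high-volume reporting account does not. The log format, account names and thresholds are assumptions, and a median-based baseline is used here in place of the machine learning techniques the proposal mentions.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample: one database audit-log line per account per day.
SAMPLE_LOG = """\
2018-09-01 account=svc_booking rows_read=1180
2018-09-01 account=report_ro rows_read=40000
2018-09-02 account=svc_booking rows_read=1225
2018-09-02 account=report_ro rows_read=41200
2018-09-03 account=svc_booking rows_read=1150
2018-09-03 account=report_ro rows_read=39800
2018-09-04 account=svc_booking rows_read=1302
2018-09-04 account=report_ro rows_read=40500
2018-09-05 account=svc_booking rows_read=1210
2018-09-05 account=report_ro rows_read=40100
2018-09-06 account=svc_booking rows_read=1190
2018-09-06 account=report_ro rows_read=39900
2018-09-07 account=svc_booking rows_read=1240
2018-09-07 account=report_ro rows_read=40800
2018-09-08 account=svc_booking rows_read=98500
2018-09-08 account=report_ro rows_read=41000
""".splitlines()

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) account=(\S+) rows_read=(\d+)$")


def parse(lines):
    """Yield (day, account, rows) for well-formed lines; skip the rest."""
    for line in lines:
        match = LINE_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2), int(match.group(3))


def find_anomalies(lines, k=6, min_history=5):
    """Flag days on which an account reads far more rows than its own baseline."""
    history = defaultdict(list)
    alerts = []
    for day, account, rows in sorted(parse(lines)):
        past = history[account]
        if len(past) >= min_history:
            base = median(past)
            mad = median(abs(x - base) for x in past)
            # Floor the spread so a very flat baseline still tolerates noise.
            spread = max(mad, 0.05 * base)
            if rows > base + k * spread:
                alerts.append((day, account, rows, base))
                continue  # keep the outlier out of the baseline
        past.append(rows)
    return alerts
```

On the sample, a single fixed threshold low enough to catch `svc_booking` would fire on `report_ro` every day; the per-account baseline raises one alert, for `svc_booking` on the last day.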

Leveraging Course Contents:

The course material helped us find out why the Starwood data breach happened and made it possible to
create ways to prevent it from happening again. Some important ideas that affected how people studied and
responded to the breach are:

1. Keeping data safe when sending or storing it involves using encryption and cryptography. This means
using codes, public keys, and digital signatures. Using strong encryption and secure key distribution may
have lowered the chance of someone getting unauthorized access to customer information.

2. We knew about user authentication, directory services, and key exchange protocols, so it was easier for
us to understand the authentication problems. Making authentication stronger by using multi-factor
authentication and secure key exchange protocols would have reduced the risk of unauthorized access.

3. Understanding access control matrices and protection rules helps in assessing access control methods for
system security.

4. To make internet traffic secure, websites need to use SSL certificates. Making the network more
secure by using intrusion detection systems, firewalls, and SSL protocols, and ensuring secure online
application development could have stopped data breaches. We found ways to fix weak spots and
prevent security breaches like the one at Starwood by using these ideas.

Conclusion

The Marriott-Starwood data breach shows how bad cybersecurity breaches can be for businesses. It is
always important to have a secure system so that no one other than the important people can access the data.
One idea is to use computers to learn how to respond better. Another idea is to use advanced systems to
detect threats.

Our solution includes a strong security plan that includes dividing the network, using systems to prevent
unauthorized access, and regularly checking for security issues. Marriott's financial and reputation losses
show that cybersecurity is very important.

Organizations need to invest in procedures, monitoring, and infrastructure to protect data, keep customers'
trust, and protect their brand. To sum up, the case study shows that businesses need to focus on protecting
important information in the digital world, improve their cybersecurity, and lower the chances of risks.
