December 03, 2018

4-year long Marriott data breach affects 500M customers

data securityMarriott International revealed last week that as many as 500 million customers had information – including names, addresses, payment card details and passport numbers – compromised in a data breach going as far back as 2014.

The company was informed in September of a breach that impacted its Starwood guest reservation database. On Nov. 19, the company determined there had been unauthorized access to the data going back to at least 2014.

Following news of the data breach, NAFCU Executive Vice President of Government Affairs and General Counsel Carrie Hunt urged leaders of the Senate Banking and House Financial Services Committees to take action on a national data security standard, noting that this Marriott breach is one of the largest breaches of personal data. Hunt also reiterated the principles credit unions would like to see addressed in any comprehensive cyber and data security legislation.

NAFCU has been active with lawmakers since the massive 2013 Target data breach stressing the need for a legislative solution to reform the nation's data security system. The association is currently engaged as Congress considers a bill that would require data breach notifications for financial entities akin to what is in place for financial institutions under the Gramm-Leach-Bliley Act.

NAFCU has previously shared with Congress credit unions' principles for data security.