What Long Term and Possibly Global Actions Will Arise from Massive Failures of Cyber Security: ̶
The latest global failure of cyber security is covered in detail in a November 30, 2018 post at Krebs on Security, and is headline news around the world. Initial data shows a massive, global scale to the failure. This breach also is only one of many at international and national hotel chains, as explained by Krebs.
Market failures often lead to regulation. And, the pressure to block cyber failure is growing issue for corporate boards because so much corporate value lies in corporate reputation, data and intangibles, rather than tangible things, according to a 2015 article at the World Economic Forum. One wonders how all of this will evolve vis a vis state based immunity and/or regulation at state, national and global levels. And, if a global immunity/regulation process is built for cyber security, will that process then lead to more global regulation in other substantive areas? Global class actions? Or, will soft law provide alternative answers and outcomes? Interesting times ahead.
As explained by Krebs:
“Marriott said the breach involved unauthorized access to a database containing guest information tied to reservations made at Starwood properties on or before Sept. 10, 2018, and that its ongoing investigation suggests the perpetrators had been inside the company’s networks since 2014.
Marriott said the intruders encrypted information from the hacked database (likely to avoid detection by any data-loss prevention tools when removing the stolen information from the company’s network), and that its efforts to decrypt that data set was not yet complete. But so far the hotel network believes that the encrypted data cache includes information on up to approximately 500 million guests who made a reservation at a Starwood property.
“For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences,” Marriott said in a statement released early Friday morning.