While I’m sure officials with Marriott International wish the recently reported breach of legacy Starwood systems had never happened, there’s still a chance it could prove to be a positive for the hotel industry in the long run.
Let me just start by saying I’m glad I’m not the person who initially came across the evidence of a long-running and widespread data breach of legacy Starwood Hotels & Resorts Worldwide systems or the Marriott International executives who had to piece together what happened, what data was affected and how to move forward with disclosing the largest breach of its type in the history of the hotel industry.
It has to be doubly frustrating to know that these were not systems they created but ones they inherited, even though that doesn’t waive any sort of liability or responsibility. I’m sure it serves to provide little comfort to the up to 500 million guests affected by the breach.
But as exasperating as this all is for everyone involved, there may still be a silver lining if hoteliers across the board decide to learn from the ghosts of Starwood’s past, which is that data security is a fundamental ongoing function of hotels, or really any business, in modern society and not a line on the budget that you seek to get as low as possible.
This idea was clearly expressed in HNN’s initial reporting on 30 November of Marriott’s breach by Ted Harrington, executive partner with hospitality security consulting firm Independent Security Evaluators.
“Hopefully this event can result in changes in how leadership perceives security: as a mission to be pursued, rather than a cost to be minimized,” Harrington said. “Hopefully this event can result in security leaders becoming more empowered with more suitable resources and better-aligned executive buy-in.”
And the four-year span of this particular breach illustrates that the “mission” is not a finite one. It’s not something that’s tackled by jumping from one fire you’re putting out to another. It’s an ongoing effort with no endpoint.
In the interest of fairness, I’ll mention here that I don’t know if Starwood’s original problem was a matter of deprioritizing data security or misaligning or understaffing their IT teams. I don’t think any outside observer could confidently speak to what the root cause of this particular breach was. But that doesn’t mean it can’t serve as a wake-up call to the enormity of the problem or how serious and thoughtful industry leaders must be in addressing it.
The hotel industry clearly has a long history of breaches based on past reporting on the issue, and the threat from bad actors is only going worse.
As depressing as it might be for some to think about when it comes to an industry like hotels and hospitality, which is built on being warm, friendly and welcoming, data security is no longer tangential to what hoteliers do. It is not a core function of the hotel industry, and if it’s neglected your company will fail in the same way it would if you neglected service or other core functions.
There’s no scenario where Marriott’s breach is the last the hotel industry sees. Not to sound defeatist, but there will be more breaches. But the industry as a whole can do it’s best to limit those breaches and to make sure there aren’t more of the size and scope we saw last week.
The opinions expressed in this blog do not necessarily reflect the opinions of Hotel News Now or its parent company, STR and its affiliated companies. Bloggers published on this site are given the freedom to express views that may be controversial, but our goal is to provoke thought and constructive discussion within our reader community. Please feel free to comment or contact and editor with any questions or concerns.