Data Breaches in the News

Before you take a break for Christmas, just remember the bad guys are probably not taking a holiday!

With the recent Marriott Cyber Breach, unfortunately travellers have possibly had their private data exposed, and the consequences are not yet clear.

For about 327 million of the 500 million, the breached data includes names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest ("SPG") account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

The company said in a statement that it discovered "unauthorized access" to the database, which extended back until 2014. In some cases, payment card numbers and expiration dates were also taken, but Marriott said it's unclear whether the hackers have information to decrypt the payment card numbers.

Marriott said it has set up a website for consumers impacted by the hack, at info.starwoodhotels.com, and a call centre. "Call volume may be high, and we appreciate your patience," the company said. Starwood is sending an email to all addresses affected.

So what are the Bad Guys going to do?

You can expect a raft of phishing attacks that try to exploit this data breach, either by using just scare tactics, or by using actual data from the breach itself to make it look as real as possible.

This is not restricted to this breach, this is now a very common occurrence

REMEMBER : Best Practices for yourselves

A reminder: now more than ever it is important to ensure you and your staff are taking appropriate action. Besides having in place a quality Cyber & Privacy Protection Insurance Policy, you need to ensure your organisation regularly informs all of your staff what to watch out for. Some examples include:

• Be wary of unsolicited phone calls. People can claim they are from your bank or other well-known organisations and can be very convincing. Do not give out information that the organisation calling you should already know. Fraudsters will often say there is a problem with your account, ask you to transfer money. They can even ask you to call a number you know and keep the phone line open so when you call back you are speaking to them.
  
  
• Always be very careful with your customers personal details and how this information is used or who it is provided to.
  
  
• Unsolicited emails may direct you to a link containing a virus – just one accidental click can bring an entire network down. Remind your staff that under no circumstances should these emails be opened, and if it does happen, it should be reported IMMEDIATELY. The sooner your IT firm is advised, the sooner the damage can be halted.
  
  
• All portable equipment (laptops, smartphones, iPads and the like) should be password protected/encrypted to protect sensitive information. When these items are lost, it is not only the property that has gone – the unsecured information could be much more costly.

What you need to do

- Ensure you have protocols that are followed by all staff at all times
- Should an attack happen, act immediately and contact your IT Provider
- Be certain that you have a comprehensive Cyber & Privacy Protection Insurance Policy in place – if an attack happens, your Broker will be able to put you in contact with specialist firms that can assist you through the incident

ON A SEPARATE NOTE:

The Travel Team at Gow-Gates would like to wish you, your staff and your families a wonderful and safe Christmas.

This has been a busy year for all so we wish you a relaxing holiday period and we look forward to being here for you in the New Year, and any other time you need us.

MERRY CHRISTMAS!

If you believe that this issue is relevant to your business, please feel free to contact Rebecca Fleming, Account Manager of our Travel Industry Division at Gow-Gates Insurance Brokers on (02) 8267 9919 or rfleming@gowates.com.au to discuss your circumstances or to obtain a quotation.

Gow-Gates Insurance Brokers advises that persons should not act on the material contained in this article as the items are of a general nature only and may be misinterpreted. We therefore recommend that advice be sought before acting in these areas.