Marriott Hacked, Again. Will Face Few Repercussions, Again.

from the groundhog-day dept

You know the drill. Company X over-collects user data in the hopes of monetizing it, then does a poor job securing it or giving their customers control over it. If you’re lucky, Company X comes clean about its failures, whether it’s a hack or just leaving customer data openly accessible on an unsecured Amazon cloud bucket. If you’re not, you’ll find out about the breach years later.

Company X might get a few days of bad headlines that are quickly forgotten in an era of percussive catastrophe and short attention spans. If they're extremely unlucky, they might get a wrist-slap fine from an over-extended FTC or state AG. They might even have to throw a few bucks to class action lawyers, pennies of which will wind up in the pockets of the actual victims.

But the most likely outcome for Company X is a day of bad press, a half-hearted mea culpa, and providing some free (and often useless) credit reporting for a year.

This is all made possible because we’ve intentionally underfunded and understaffed FTC regulators in charge of privacy, refuse to pass even a baseline modern federal privacy law, and have, time and time again, prioritized wealth accumulation over the health and safety of consumers and markets alike.

Every week there’s a hack, scandal, or breach that proves the point. And every week we seemingly learn nothing from the experience.

Case in point: Marriott revealed the company had been compromised for the third time in the last seven years or so. This time around, hackers managed to grab 20 gigabytes of valuable customer data, including credit card numbers and other personally identifiable information, by tricking an employee into giving them access to their computer.

As is usually the case, Marriott downplayed the width and breadth of the hack to press outlets:

“Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer,” Marriott spokesperson Melissa Froehlich Flood told TechCrunch in a statement. “The threat actor did not gain access to Marriott’s core network.”

Here's the thing, though. Hackers had already breached the hotel chain in 2014, gaining access to 340 million guest records planet wide. That hack wasn't even revealed until 2018, at which point Marriott saw a $123 million fine its lawyers were able to talk down to $24 million. Another 5.2 million guests had their data breached in a 2020 attack. Lawsuits for the first, 8-year-old hack are still ongoing.

Though not necessarily related, there was also that time the company blocked visitor access to all Wi-Fi signals to force users onto their $1000-per-device network.

Companies like this don't really change or improve because there's no genuine incentive to change or improve. Any short-lived reputational or financial penalty is a minuscule cost in the overall revenue stream for giant corporations, so paying a penalty for issues you refuse to truly fix just becomes the cost of doing business.

A cross-industry coalition of companies has lobbied Congress into fecklessness on privacy. Those same lobbyists back politicians looking to undermine regulatory oversight and overall authority (see: that time the GOP gutted even modest FCC broadband privacy rules). As the courts are increasingly staffed by corporatist right-wingers, meaningful legal accountability for lax privacy becomes increasingly difficult.

Which means nothing changes in this dynamic as it relates to privacy until there's a scandal so dangerous and grotesque that Congress is forced to act. The post-Roe landscape could easily provide such an example, but even then it's not clear Congress will have the backbone to finally support even baseline accountability on the privacy and security front, or that the courts won't undermine it if it does.

Companies: marriott
