There are lessons here for all of us:
Last Friday, Marriott sent out millions of emails warning of a massive data breach — some 500 million guest reservations had been stolen from its Starwood database. One problem: the email sender’s domain didn’t look like it came from Marriott at all. Marriott sent its notification email from “email-marriott.com,” which is registered to a third party firm, CSC, on behalf of the hotel chain giant. But there was little else to suggest the email was at all legitimate — the domain doesn’t load or have an identifying HTTPS certificate. In fact, there’s no easy way to check that the domain is real, except a buried note on Marriott’s data breach notification site that confirms the domain as legitimate.
Read more about the massive Marriott data breach and its even worse response on Techcrunch.
- Working in Cybersecurity: Life on the front lines, in the C-suite, and everywhere in-between
- AWS introduces 4 new services for IoT applications
- Is This Negligence? Atrium Health data breach exposed 2.65 million patient records
- What If This Is The Most Important Thing The Government Can Do To Enhance Our Cybersecurity and Prepare us for Cyber War?
- Highlights From Amazon’s AWS re:Invent 2018
- OODAloop nails it again with reporting on Bitcoin price manipulation