National Cyber Security Centre
Statement: Marriott International data breach
The latest NCSC statement following reports of a data breach affecting Marriott International
A spokesperson for the National Cyber Security Centre recently said:
"We are working with partners to better understand the data breach affecting Marriott International and how it has affected customers.
“The company has confirmed an unauthorised access to a database they say contains information on up to approximately 500 million guests worldwide who made a reservation at a Starwood property.
“The NCSC website includes advice for people who think they have been affected by a data breach, including guidance on suspicious phone calls and targeted emails that can be sent after a data breach.
“We also recommend that people are vigilant against any suspicious activity on their bank accounts and credit cards and contact their financial provider if they have concerns.”
- Marriott has published their latest information here.
- If a member of the public thinks they have been a victim of cyber crime or cyber-enabled fraud, they should use Action Fraud’s online fraud reporting tool any time of the day or night, or call 0300 123 2040.
- If you have been told that your personal details, such as your password, may have been accessed, you should ensure those details are not used on any other accounts
- Victims of cyber crime should be vigilant against suspicious phone calls or targeted emails
NCSC advice on phone calls
- If you do receive a phone call that is suspicious - for example, one that asks you for security information - do not divulge any information, and hang up.
- Pick up the phone and make sure there is a dial tone to ensure the caller is not still on the line.
- Contact the organisation that the caller claimed to be from – never using the details they provided during the call.
NCSC advice on targeted emails
- Fraudsters can use the data they’ve acquired to make their phishing messages look much more credible, including using real names and statements such as: 'To show this is not a phishing email, we have included the month of your birth and the last 3 digits of your phone number'.
- These phishing messages may not relate to the organisation that has been breached, and may use more well-known brands. The NCSC has guidance on protecting yourself from phishing.
- Usually, if you are the target of a phishing message, your real name will not be used. However, if fraudsters do have your name, people will need to be extra vigilant around any message that purports to be from an organisation they deal with - especially when there are attachments or links which take people to sites asking for more personal information.
Latest News from
National Cyber Security Centre
Alert: Microsoft SharePoint remote code vulnerability17/05/2019 13:15:00
The NCSC has seen high levels of successful attacks against UK organisations so system owners need to check that actions have been taken against this vulnerability.
Data breach roles outlined at cyber conference26/04/2019 09:15:00
Victims of cyber incidents will benefit from an improved approach to breaches between the UK’s technical authority for cyber threats and its independent authority for data protection.
Global intelligence agencies to share UK stage for first time at CYBERUK24/04/2019 15:15:15
'Five eyes' agencies will share a stage for the first time at CYBERUK 2019 to discuss global cyber attack resilience.
Most hacked passwords revealed as UK cyber survey exposes gaps in online security23/04/2019 14:15:00
The NCSC's first 'UK cyber survey' published alongside global password risk list.
Next-gen start-ups to partner with National Cyber Security Centre15/04/2019 15:20:00
Security experts are calling on cutting-edge tech entrepreneurs to help develop the next generation of cyber security solutions.
GCHQ cyber courses recognised by qualification board09/04/2019 08:20:00
CyberFirst courses recognised by the Scottish Qualifications Authority (SQA)
Royal Masonic School for Girls crowned winners of biggest cyber competition to date26/03/2019 11:15:00
The winners of the 2019 CyberFirst Girls competition have been crowned.
Security research highlights central role children play25/03/2019 10:20:00
Research highlights the importance of children when it considering online safety