Marriott Data Breach Case Study: Brand Reputation Management

Marriott Data Breach Case Study: Brand Reputation Management

Get free samples written by our Top-Notch subject experts for taking assignment help UK services.

Marriott International.

Marriott International is a diversified, multinational company dealing in the hospitality industry since 1927, the company is based in Maryland, United States. It is the largest hotel chain in terms of several rooms available with 1.4million. The company deals in more than 130 countries, has 7400+ properties, and 30 brands. The company is present in more than 8,400 locations all over the world, the company generates revenue of over a 5.37billion (Marriott International,2021).

Starwood and Marriott.

Starwood was acquired by Marriott in the year 2016 with its 11 brands, 1290+ properties, in about 100+ countries.

Case: Marriott Global data breach.

In the year 2018, Marriott reported a data breach of one of the reservation systems. It was identified later that Starwood even after the acquisition was not using the Marriott reservation system instead it was using the one inherited by the Starwood company. This was considered one of the loopholes in the system that led to the data breach. The identity of the cybercriminals couldn’t be identified and it was assumed that the breach was conducted by mass theft of consumer data. A large amount of sensitive data was duplicated as per the reports of investigations (NPR Cookie Consent and Choices, 2021).

Impact on Marriott.

• Reputation: The company lost the trust of various customers, investors, employees, and government due to t the lack of data security leading to loss of sensitive data such as passport details, age, health records, etc. The company faced negative word of mouth, negative content on social media, loss of trust and business (Expertise and Breach, 2021).
• Financial loss: the share price of the company dropped by 8.7%. the company was charged a fine of more than 140 million. They also agreed to pay credit card replacement charges to the customers affected by the breach.
• Non-operational cost: the effect on the business due to the non-operational period also affected the revenue of the company.
• Human resource: the company losses valuable employees due to such data breach due to various reasons such as lack of trust, increased work, and impact on the reputation which affects their personal lives.
• Legal actions: the company went through several legal procedures due to multiple lawsuits by the employees, customers, and others. The company also had to pay various charges which also impacts the business.

Marriott’s response.

The company accepted the fault and apologized for the same. Both Starwood and Marriott were guilty of the data breach. The company agreed to pay compensation to the customers and a fine as per the GDPR law. The company made changes to the security system such as changing the entire system from analytical to transactional as transactional systems are difficult to be hacked (Gwebu and Barrows, 2020).

Future suggestions.

It is quite common that cybercriminals attack famous companies, therefore precaution is the best shield against such impacts. The company should prepare the response plan for data breaches such as regular updates of the system and antivirus. Regular checking of the possible hacking and use encrypted passwords. The company must limit access to sensitive data, all the third-party vendors must company to the data security policies of the company (Meglio,2020). Also, limit the types of data that third-party vendors can view or use without permission.

The data security training must not be restricted to the IT departments, every employee must attend and learn the security awareness training. All the software must be updated regularly, a cyber breach response plan must be prepared. Most importantly, the company must have cyber insurance to prevent large financial losses to the company.

Conclusion and recommendations.

The negative incident caused multiple impacts to the company such as loss of trust and reputation, loss of investments, the decline in the share prices, etc. the company, however, managed to deal with the losses and gain the trust of the customers due to a strong built reputation in the market and immediate response as apologies and compensation to the customers. In the era where data is becoming a crucial asset, it is essential to take measures to prevent any breach which can cause multiple negative impacts to the reputation of the brand leading to financial losses.

References.

Expertise, O. and Breach, T., 2021. The Marriott Data Breach - Lessons Learned For Boards. [online] Oliverwyman.com. Available at: <https://www.oliverwyman.com/our-expertise/insights/2018/dec/the-marriott-data-breach.html> [Accessed 13 March 2021].

Gwebu, K. and Barrows, C.W., 2020. Data breaches in hospitality: is the industry different?. Journal of Hospitality and Tourism Technology

Meglio, M., 2020. Embracing Insecurity: Harm Reduction through a No-Fault Approach to Consumer Data Breach Litigation. BCL Rev., 61, p.1223

Npr.org. 2021. NPR Cookie Consent and Choices. [online] Available at: <https://www.npr.org/2018/12/12/675983642/chinese-hackers-are-responsible-for-marriott-data-breach-reports-say> [Accessed 13 March 2021].

Marriott International, 2021. [online] Available at: <https://www.marriott.com/marriott/aboutmarriott.mi> [Accessed 13 March 2021].