China in the news, the hacking news that is
Everyone likes to have a fall guy or gal when something goes wrong. “Hey, that’s not my fault, I couldn’t help it that this person did that.” It seems like this is especially true when there is a data breach that makes the headlines.
EU diplomats’ communications are hacked
Russian is a convenient culprit in many cases, but recently, China has received its share of the blame. For example, it turns out that the EU had its diplomatic cables hacked and thousands of sensitive communications between diplomats at the EU and their home bases were intercepted and read, according to a report posted on SecurityWeek.com. Over the course of three years, hackers grabbed the messages, using techniques reflective of an elite Chinese military organization.
The hacked cables are likely to be more embarrassing diplomatically than threatening to security operations as the classified communications of EU diplomats travel via more secure communication channels. Still, you can be sure that the IT and cybersecurity teams at the EU are taking a look at everything.
How did the hackers get access? Evidence points to phishing attacks targeting EU personnel in Cyprus as the method used to compromise the system.
Marriott suffers one of the most significant breaches to date
China pops up again as the villain in the hack of Marriott’s Starwood reservation database. This high-profile hack exposed the personal information of up to 500 million people! According to a United States Federal Trade Commission report, information potentially stolen includes:
“People’s names, addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, Starwood loyalty program account information, and reservation information. For some, they also stole payment card numbers and expiration dates. Marriott says the payment card numbers were encrypted, but it does not yet know if the hackers also stole the information needed to decrypt them.”
Adding insult to injury in this case, Marriott reports that the hack began in 2014 and has been ongoing. The chain is coming under fire for taking longer than other companies to report the breach upon discovery. By contrast, British Airways reported a breach a few days after its detection. Under the new EU GDPR rules, which requires notification of a breach within 72 hours, the hotel chain may face massive fines.
Here’s the reported timeline:
· 8 September 2018 — Marriott receives an alert from an internal security tool about unauthorized data access.
· 18 November 2018 — Marriott decrypts the intrusion and sees what information was stolen.
· 8 December 2018 — Marriott reports the hack on its website.
Customers of the hotel chain must now be alert to phishing scams as more bad actors flock to the scene of the crime and try to take advantage of the situation. Marriott is planning to send out emails to affected customers advising them of their options like free personal data monitoring service for a year.
But, because the bad guys know this, they will try and get customers to bite on fake emails, just like they did in the EU hack. If you have used the Marriott reservation system before 8 September 2018, you need to head over to the site Marriott has created to see what you can do. In the meantime, be suspicious of any emails saying they are from Marriott.
Trust your data and communications to CRIP.TO
Protecting your data seems to get harder every day. In our digital world, our digital persona is valuable, even if we think we do not have anything the bad guys would be interested in stealing. At CRIP.TO, we regularly advise our customers and readers to be careful with their data.
If you want to enjoy the freedom of fearless communications, free from the worry that your messages and data will be intercepted and read, trust the unique CRIP.TO solution of hardware, software, and blockchain-powered services. We provide the most secure communications solution available outside military and government entities.
You deserve the freedom to communicate fearlessly. Learn more at our site and check out our upcoming ICO while there.
