The massive hotel chain’s cyberattack could affect as many as 500 million of its customers.
The Marriott data breach is now believed to affect as many as 500 million of its customers. The hotel giant is protected by cybersecurity insurance, but the cost of the cyberattack’s cost could be in the billions over coming years.
These types of mega-breaches are becoming more commonplace and more costly all around.
Based on data from other similarly sized breaches, the Marriott data breach will come with a multi-billion dollar price tag over the next few years. According to the hotel company, the information of around 500 million guests may have been accessed from within its Starwood network. Customers potentially affected are those whose data has been in that network between 2014 and 2018.
An estimated 327 million of those guests have possibly had immensely sensitive data exposed. This includes everything from gender, email and date of birth, to phone numbers and even passport numbers. In some cases, payment card data may also have been accessed, but payment data is encrypted.
Early estimates place the expense of the Marriott data breach at about $3.5 million.
These estimates, published in a recent ZDnet report on the cyberattack, were based on figures in an IBM study by Ponemon on the cost associated with large data breaches. That report stated that it would cost about $350 million for a breach affecting 50 million records. It was based on a model constructed using data from 11 companies affected by “mega breach” events in the last couple of years.
The estimates for the Marriott cyberattack suggested that if there were indeed 500 million affected customers, it will cost around $3.5 billion.
What is not yet known is whether it is possible for consumers to exit the Marriott and Starwood reservation system, considering its broad reach. This issue arose during the Equifax cyberattack when the circumstance revealed that customers were essentially locked in place. The $3.5 billion is based on that potential worst case scenario.
That said, if it turns out that the number of customers is closer to 300 million because the 
Marriott data breach did not affect “locked in” customers within the reservation system, then the overall cost would drop substantially. Still, it would bring about an estimated $2.1 million in costs, said the report.
