With more than 500 million individual accounts put at risk and a years-long period before the data breach was identified and contained, the bill for the Marriott security debacle may climb to over $3.5 billion, depending upon the amount of insurance the hotel chain carried.

Larry Dignan filed this report on ZDNet:

The hotel company said that information on about 500 million guests may have been breached on its Starwood network since 2014. For about 327 million of those guests, personal information such as date of birth, gender, email, passport numbers, and phone numbers may have been exposed. In some cases, payment card information may have been exposed, but that data was encrypted.

A recent IBM study by Ponemon on the cost of large data breaches estimated that a breach of 50 million records will have a total price tag of $350 million. IBM and Ponemon modelled the costs based on a sample of 11 companies hit with a “mega breach” over the past two years.

IBM/Ponemon also calculated costs based on lost business and included everything from tech spending to legal fees to remediation and customer churn. What’s unclear is whether consumers can abandon Marriott and the Starwood reservation system given its vast footprint. Equifax had a similar situation with relatively locked-in customers. Given those rough figures, the worst case for Marriott expenses would be $3.5 billion if 500 million consumers were affected. The tab could be lower and more in line with 300 million breached records, or $2.1 billion.