Hotels Respond to PCI Compliance & Training After the Marriott Hack

The alarming rise in the number of cybercrimes and data breaches in the U.S. hospitality industry has alerted both the federal government and other regulators to intensify their oversight of hotel compliance.   

Credit card information theft and data breaches are no strangers to the hospitality industry. Courtesy of the goldmines of data processed through hotel servers, computers and point of sale systems, these businesses remain the most prone to criminal intrusions. 

The Marriott Starwood Hotels & Resorts event was possibly the most fierce and cleverly orchestrated breach in the industry yet. The event triggered a massive interest among hoteliers and managers in technology applications to protect their servers, databases, devices, and payment systems. 

The Marriott’s Starwood Hotels & Resorts Data Breach 

The Incident

In 2016, Marriott Hotels Group acquired the Starwood Hotels & Resort franchise adding it to their already illustrious portfolio. In 2018, an attempt to access the internal guest reservation database for Marriott’s Starwood brands, which include the Westin, Sheraton, St. Regis, and W Hotels was identified by an internal security tool. 

The Response

An independent investigation was ordered by the Marriott Group. Investigators established that Starwood Hotels & Resorts had been infected sometime during 2014, before Marriott’s acquisition of the franchise. 

The Cause 

The reason, the investigators explained, was the legacy I.T. and hotel technology infrastructure used by Starwood Hotels & Resort before the acquisition. Investigators went on to claim that Starwood assets should have updated their entire infrastructure to the prevailing Marriott franchise technology benchmarks. 

The Resulting Consequences 

In the aftermath of one of the longest and most severe data breaches in the U.S. business sector, records of over 500 million guests who stayed at Starwood franchises were exposed. Come 2019, and a massive lawsuit was lodged against the Marriott Group. The final settlement cost the renowned hotel group over $120 million. 

The U.S. Hospitality Industry Responds 

In the wake of continuous cyberattacks & breaches in the U.S. hospitality sector, the U.S. government and regulatory authorities are tightening their grip on hotels and their inability to comply with relevant rules. 

In April 2019, the FTC responded by releasing an updated “Data Breach Response: A Guide for Business” to ensure compliance with robust privacy laws and payment protection in hotels. This comprehensive document outlines the entire framework to enhance payment protection and cybersecurity for hoteliers. You can read through the entire policy on the FTC’s official blog here

On January 6th, 2020 the FTC published a news release titled “New and improved FTC data security orders: Better guidance for companies, better protection for consumers.” This initiative from the U.S. government is basically the sound of war drums against cybercriminals.  

In an October 2019 press release from the PCI Council, PCI SSC Executive Director Lance Johnson discussed that:

“In order to deliver on our mission to enhance global payment security, we must continue to evolve PCI Standards to ensure they meet the needs of the industry and support and enable safe commerce.” 

The official press release section of the PCI Council Website has since published updated regulations for new technologies. 

AHT Inc. PCI DSS Compliance & Staff Training 

In an age where zero-day exploits are a common occurrence thanks to constant technological innovation, AHT Inc. stands by your side as your dedicated technology manager. Have look at our distinguished service profile in our hotel technology management brochure.

About Us

Established back in 1996 as a technology management provider for hotels, Advanced Hospitality Technologies Inc. has molded itself as a leading end to end hospitality technology solutions provider. 

Supported by a team of highly skilled engineers, support teams, project managers, procurement team, financial planners, and consultants, AHT Inc. powers your hotel with scalable, reliable, and secure technologies to assist your hotel. 

Certified PCI Compliance & Training 

Our reputed Director of Information Technology, Mohammed S. Ziaee, is one of the foremost advocates of PCI Compliance and cybersecurity tools. Mohammed is a Certified Hospitality Technology Professional (CHTP) and certified Payment Card Industry Professional Trainer (PCIP). 

Our PCI Compliance staff training prepares hotel employees and management for daily cybersecurity and payment protection. We also get staff acquainted with the necessary best practices and standards as prescribed by the PCI council. 

Our Rich History of Achievements 

Among our latest endeavors, we were contracted by the illustrious Shashi Hotel Group for their gorgeous ALoft Mountain View Resort. In addition, we have also collaborated with Hilton, Sheraton, Marriott, Radisson, Best Western, La Quinta, and many other mid-scale stand-alone hotels.