CYBER

SECURITY
Nathie Quéméner, Mathis Rigonnot, Yassine Sekkat
WHAT IS CYBER
SECURITY ?
CYBERSECURITY IS ALL MEANS OF
ENSURING THE PROTECTION AND
INTEGRITY OF DATA, WHETHER
SENSITIVE OR NOT, WITHIN A
DIGITAL INFRASTRUCTUR

The concept of cybersecurity is a recurring

theme thanks to the digital transformation
of companies, which are making
widespread use of IT tools and
communication via the Internet.
 IN A COMPANY, THE ROLE OF THE
MANAGER IS TO PROTECT THE
DATA OF HIS COMPANY, ITS
ACTIVITY AND ITS EMPLOYEES.

Cyber Security :
provides data management
protects against cybercriminals
avoids data leaks

There are differents cyber security

mechanisms :
The identification processes
Encryption of data and connections
The numerous software updates
...
 MARRIOTT IS AN AMERICAN HOTEL
GROUP SPECIALIZING IN LUXURY
ESTABLISHMENTS CREATED IN 1993

At the end of 2018, the chain experienced

AN EXAMPLE problems related to its reservation system. In

fact, the platform was attacked, endangering
the information of millions of customers

OF CYBER
SECURITY : THE FLAW THAT ALLOWED THE
ATTACK IS THAT THE STARWOOD
THE MARRIOTT RESERVATION SYSTEM WAS NOT
LINKED TO THAT OF MARRIOTT.

HOTEL CHAIN The hacking had been made possible thanks

to a Trojan horse virus which made it
possible to recover the codes of an
administrator account and thus access the
database via Starwood servers
Marriott only realized this
hacking late. This shows
that the security system at
Marriott may not have
been well developed if
security tools were slow to
discover the intrusion.
ANALYSIS OF
CYBER SECURITY

Now that we are familiar with details of the

Mariott case, let us further examine the
implications of this cyberattack.
THE INFORMATION
THAT WAS STOLEN
Names 
Phone numbers
Mailing addresses
Passport number
Account information 
Date of birth
Payment card numbers
Payment card expiration dates

THIS KIND OF INFORMATION IS OF THE UTMOST

IMPORTANCE AND EVERY BIT OF CAN BE USED
EITHER AGAINST MARRIOTT INTERNATIONAL OR
AGAINST THE CUSTOMERS THEMSELVES.
WHAT ARE THE POSSIBLE
CONSEQUENCES OF SUCH A
BREACH ?
ALL THIS INFORMATION CAN BE USED BUT MOST
IMPORTANTLY SOLD ON THE DARK WEB OR OTHER ILLEGAL
EXCHANGE PLATFORMS.

The names, phone numbers, credit card numbers and passport numbers
can be used to forge a range of fake IDs, passeports and licences. The
mailing information, date of birth and mailing addresses can be utilized to
operate other cyber attacks such as: phishing, spyware and ransomware.
 The information stolen reached a total of 500 million
customers

The information stolen on the Starwood guest server

database can be sold or acquired by other hotel chains
and tech companies in the likes of Airbnb

Marriott International was fined £100 million for this

“Mega-breach”, thus impacting the group’s turnover for
several years.

TO THIS DATE, THIS CYBER ATTACK ON A

CUSTOMER DATABASE IS THE LARGEST EVER
RECORDED AND ITS REPERCUSSIONS REACH FAR
OVER THE £100M FINE FOR THE HOTEL CHAIN. AS
THE QUESTIONS REMAINS : WHAT WAS DONE WITH
THIS INFORMATION ? AND TO WHAT EXTENT WAS
THE INTELLIGENCE GATHERED UTILIZED ?
 CONCLUSION

Data security is now more than ever a priority for all

companies, especially for international companies, holdings,
governments and financial institutions. The example of
Marriott International showed us how the loss of raw meta-
data could result in a multi-million-dollar losses. Data leaks
do not only result in financial losses, the data lost can be re-
used for criminal activities or worse depending on the nature
of the information and its sensitivity
SOME QUESTIONS
WHAT IS CYBERSECURITY ?

WHAT WERE THE INFORMATION

STOLEN DURING THE ATTACK ?

WHAT CAN BE DONE WITH THIS

INFORMATION ?