A recent (2018-11-29) breach involving records from a large Marriott business unit could impact up to 500 million guests. The word “breach” is likely to dominate news coverage, but “big data” #BigData is the bigger part of this story.
Rather than the typical email address and password fields, the potential Starwood disclosure includes much more: passports and travel history. The status of the encryption keys remains unclear as of this writing, but if this information is exposed, its leak to bad actors has implications for big data security that are at the center of the NIST Big Data Public Working Group’s work in security and privacy.
As Forrester’s Jeff Pollard and Enza Iannopollo observed on ZDNet:
Travelers’ data is now in the hands of at least one set of attackers, possibly more. Your habits, destinations, frequently visited areas, preferred arrival times, and more is now out there without your consent. Four-plus years of travel data on 500 million people is one massive data set for an evil data scientist to use to profile people. Companies involved in sensitive industries that have heightened physical safety risks will have to evaluate how this affects them. They may need to change travel habits or plans for key individuals that might be caught up in this breach.
Over time, the relative safety afforded by obscurity declines. As the sophistication of hackers increases, and the stakes grow ever higher with centralized, monopolistic systems, big data attacks will certainly recur. What to do? See Volume 4, Revision 2 from the NIST Big Data Public Working Group for a helpful framework.