Show of hands: How many of you were robbed during the past week?
I was—and I bet most of you were, too. The stolen item in question? Personal data.
Sometime last week, hackers wormed their way into the supposedly secure servers at Epsilon, a marketing company in Texas that stores the names and email addresses of more than 250 million consumers for companies around the globe—companies like Hilton Worldwide and Marriott International and Red Roof Inn and Ritz-Carlton and Best Buy and Target and Walgreens and U.S. Bank and Brookstone and L.L. Bean and … phew! (The list keeps going.)
Fortunately, no financial information was breached, and the victims—that’s you and me, dear reader—likely will only suffer some unwanted spam.
We here at HotelNewsNow.com have covered data security in the past, and I encourage you to view our special report, “Data security 101” for a refresher.
This particular instance, however, is noteworthy for three reasons:
1) The sheer breadth of the breach. We’re in an increasingly digitized, interconnected world, folks. A security gap in Texas can now affect people anywhere from Cleveland (that’s me) to Copenhagen. It’s both fascinating and frightening at the same time.
2) How commonplace this type of occurrence has become. When I received an email yesterday morning from Hilton HHonors alerting me to the possible breach of my account, I didn’t spit out my Kashi GoLean Crunch in a state of abject horror. I simply skimmed through the message, shrugged my shoulders and went on with my day. Or as a fellow editor put it during our daily news meeting: “This type of stuff just happens all the time.”
It amazes me we’re at a place where one of the biggest breaches doesn’t cause us to bat an eye. Maybe we’ve gotten so used to sending our credit cards numbers and birthdates and other personal info online that we expect a hack or two to chip away at our personal identities.
Now, don’t get me wrong. I’m not advocating against hotel companies working to prevent cyber attacks. They risk serious liability (in the form of millions and millions of dollar in lawsuits) for subpar security precautions online—not to mention the black eye on the company brand and reputation that could result.
Which brings me to my third point …
3) The proficiency of the company response. That HHonors email I mentioned earlier? I received it before I read or heard a single story about the breach from any news outlets.
Companies have gotten very good at responding in the face of these attacks. Hilton, for example, quickly acknowledged the problem, explained who and what data was at risk, and outlined the ramifications. It also suggested some precautionary tips for members and underscored its commitment to address the manner and strive for better data security in the future.
Mere lip service? The cynics among you might think so. But I’ll take a more optimistic viewpoint. Despite their shortcomings, companies like Hilton and Marriott deserve kudos for acting fast and keeping the lines of communication open. As public relations guru Rich Roberts said in his column last year, “Hotel brands must own up to security shortcomings, disclose plans for fixing their problems (without, of course, revealing information useful to the crooks), commit to data-security standards established by the PCI Security Standards Council and pledge prompt, public notification of any future breaches.”
