Both Marriott and Voi have recently had data about millions of their customers leaked, the prior by a hack and the latter by poor security set-up. The conclusion: The current systems for ensuring the safety of our customer’s data are far from sufficient.
In late November last year, the hotel chain Marriott announced that they had been the target of a data hack, exposing the information of 500+ million customers. The hackers had access to the customer data since 2014, but it took Marriott five years to realize they had been hacked. During that time, the hackers had access to names, phone numbers, email addresses, passport numbers, dates of birth and arrival and departure information of 327 million of Marriott’s customers. Besides that, for millions of others, the credit card numbers and card expiration dates were also potentially compromised.
Just a few days ago the electric scooter company Voi, that has placed scooters in major cities all over Europe, had 460.000 of their customer’s names, emails and phone numbers exposed openly on the internet. According to the German media company Bayerischer Rundfunk, the data was accessible by anyone without having to break any rules or even be a very proficient hacker.
Photo by Denniz Futalan from Pexels
Both of these incidents are very severe and point to the fact that the systems that many companies rely on to keep their customer’s data safe are insufficient. Whether it be by poor process design, a lack of understanding, or simply an outdated IT-system, there is a great need for better ways to protect the data customers entrust companies with. Poor PR is also not the only thing that can come from such data leaks. In light of the recent EU-directive GDPR, companies now also run the risk of getting hefty fines. In the Marriott-case, the data-breach has been deemed one of the most severe in history, and it will take several months for regulators to investigate the situation fully.
Had the companies instead ensured that the customer data could only be accessed by authorized personnel and had warning systems in place, the breach would either never have been possible or stopped a lot earlier. As a customer in today’s tech-world, your personal data can wreak havoc in your personal life on a scale previously unimagined. A leak such as the ones at Marriott and Voi, should therefore simply not be possible, especially since there are systems available that would have prevented them.
It’s time that companies accept their responsibility, and take measures to ensure that such leaks are not possible. Finding secure IT-systems is not an impossible feat, rather, there are companies like Covr Security that make sure that your customer’s data will remain safe and secure, while still allowing the information to be accessed by the right person at the right time. Security is not just a fancy word to be thrown around in the corporate visionary document, it’s a necessity to ensure that you have a business in the years to come.
Covr Security AB, located in Malmo, Gothenburg, Stockholm, Frankfurt and Palo Alto, is a Swedish cybersecurity company. We have developed a next-generation, user-centric mobile security management app for a wide range of heavily regulated digital industries that depend on strong customer authentication and privacy. The Covr app is available both as an off-the-shelf authentication mobile app ready for a quick launch and as a powerful SDK for hassle-free integration into existing mobile applications.