After Starwood Data Breach, Marriott And Customers Face Costly Headaches

Automatic TRANSCRIPT

Support for this podcast and the following message. Come from internet essentials from Comcast. Connecting more than six million low income people to low cost high speed internet at home. So students are ready for homework class graduation and more. Now, they're ready for anything the question and answer website quarter is the latest company to report a data breach. The site says hackers may have accessed the data of one hundred million users when companies reveal massive data breaches like this. As Mary did with its Starwood properties last week. It's hard to pinpoint who stole what? And how that data was used because of that companies and their customers face a whole lot of expensive headaches. Here's NPR's Yuki Noguchi after data-breach companies undertake massive cleanup efforts to try to patch up at security and alert customers cybersecurity experts. Call this remediation Aviva lighten a cybersecurity analyst with Gardner says such costs vary. It can rain. From ten to one hundred fifty dollar a record stolen, depending on how many millions of records were stalling at half a billion affected. Guess Marriott's breach is one of the largest in recent history. It's also likely to face tens of millions of euros in penalties from new EU privacy laws that took effect this year apart from that light and says Mary out will have to pay for expensive upgrades to its security an additional fees and fines to credit card companies. But how effective are these efforts? Many experts say not very Nick Marino says director of cybersecurity in data protection at the government accountability office. I think the remediation can be pretty don't challenging not at least I think I can safely say Marino's wrote a recent report on the aftermath of last year's data breach. At equifax the credit reporting company. They're hackers stole personal information of nearly one hundred fifty million people many had to freeze their credit the cost equifax has topped four hundred million dollars to date, and this doesn't even. Clued extensive legal costs or fines. Marino says it's hard to trace incidents of fraud to a specific data breach in part because there have been so many over the years one thing that we talk about often with some of these breaches as the fact that if you take the data that was stolen from one breach combined with the data that's out there from different breaches. You know, a lot about an individual and use that information to carry out fraud. This situation has companies scrambling to protect themselves Marriott. For example, says it's trying to gauge what it cybersecurity insurance will cover but consumer advocates complain most of the cleanup falls to individual consumers who have to cancel credit cards, change passwords or monitor their credit, Mike lit with consumer group US per supports congressional proposals akin to the new European statute that would increase fines for data breaches one way to offset. These costs would be to actually make the investments on the front end John Tunis agrees. He's a class action. Attorney who? Old suit against Mary out the same day, it revealed its breach data breach litigation is gonna cost companies to want to avoid getting suit in a void regulatory scrutiny. So they're going to begin to spend more money on keeping information safe. But safety is an elusive constantly shifting goal. Even among companies that prioritize it Sean Joyce is head of cybersecurity and privacy at Price Waterhouse Coopers. He says cybercriminals have become harder to detect and defeat. It really looking at implementing box and complicated. Exploits that they're developing using machine learning joy says it's countries like North Korea that are driving the demand for hack data and their objected isn't necessarily to access an individual consumers Bank account the reality. He says is that breaches are inevitable. He offers companies this advice bite like heck to protect yourselves. Right. But what I'm saying is be prepared. And then. Have that ability to basically respond to recover quickly? You can do cheat. NPR news, Washington.

Coming up next