The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI where she investigated cybercrime, a seasoned corporate executive that built and operated information security teams and now a cybersecurity attorney.

As a self-described “Breach Whisperer” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise, Boards of Directors, CIO's, CISO's and General Counsel's on how to legally protect their company from cyber related risk.

Blog Entries


 

Marriott Suffers Massive Breach.... Or Did It?

See Article Here

I was sent a message early in the morning, from a friend, informing me of the Marriott breach. I was barely awake at the time and said to myself, et tu Marriott? Then I said to myself, before reading any reports, I bet it was because of the Starwood merger. You know I am a Breach Whisperer! If you didn’t know, a couple of years ago Marriott acquired Starwood brands (Westin, W, Sheraton, etc) and they began the process of merging together all of their systems. Just this year they were able to merge their rewards programs together.

Sure enough, my instinct was right, it was the Starwood Reservatios system that had been compromised for the last 4 years. Marriott has owned the company for 2 years so that means the breach had been going on for 2 years before Marriott came along. However, that it is not an excuse it is Marriott’s breach. The only point I want to draw out is when companies are merged and/or acquired, cyber security issues are also merged and/or acquired. If any of you have ever had to deal with companies that just acquire company after company, blindly connecting M&A networks with their own networks, without one thought to whether the company is already compromised, you have lived that nightmare! Just imagine how many more people that would have been compromised if Marriott had rushed and connected both reservations systems. Holy Cow!

Board of Directors of any company should mandate a compromise assessment be performed before approving a M&A deal. Because in the end, even if it doesn’t happen on your watch, it is still your breach!