Vendor Liabilities: Starwood Hotels and LANDESK Data Breaches

December 01, 2015 // Tori Taylor

Last Updated: May 12, 2022

Starwood Data Exfiltrated Through Insecure Third-Party Connections

Starwood Hotels and Resorts recently notified patrons of data lost to hackers who compromised Starwood systems as early as November 2014. Lost data—and malware—are critical threats to businesses that use third-party vendors.

On November 20, Starwood informed consumers about the discovery of malware on computer systems involving Sheraton, Walt Disney World Dolphin, Westin, St. Regis, and W hotel properties. While news of any data loss can cripple business relations, this announcement came just four days after Marriott International and Starwood announced a merger, involving a $12.2 billion buyout of Starwood by Marriott.

The hackers netted both debit and credit card information: security codes, expiration dates, card numbers and cardholder names were exfiltrated through insecure third-party connections, like those in restaurants and gift shops of the Starwood properties. Similar to the well-known Target data breach, the malware responsible was located on point-of-sale machines. Starwood does not believe its membership or guest registration files were compromised but cannot be certain.

Starwood is not the only hotel chain targeted for data intrusion. As we discussed earlier, Trump Hotels reported seven of its properties were compromised by malware for over a year. Hilton Hotels, Mandarin Oriental, and White Lodging all investigated data breach events this year.

While malware is used to siphon away proprietary, business and personal data, it is also surreptitiously used to build back doors into SaaS platforms. This form of infiltration is particularly dangerous because the compromise of an enterprise or security platform may leave users vulnerable to data theft—or covert, long-term exfiltration activity.


“Unusual Activity” at LANDESK

A recent example of a critical SaaS hack occurred at LANDESK, a well-known and popular enterprise management and security platform. On November 25, LANDESK notified users of “unusual activity” discovered on its IT systems. The hack was identified after LANDESK employees complained of a network slowdown, and a LANDESK developer requested information about LANDESK IT activity on his server.

According to security blogger Brian Krebs, the system logs at LANDESK suggest the security breach occurred in June 2014, and that significant archiving of source code had taken place in the intervening time.

LANDESK promotes its security tools as effective against “multiple security and zero-day threats…[and] ensures your user environment is stable and secure.” In its message to users, LANDESK encourages potentially affected parties to:

      • Regularly and routinely survey LANDESK and other IT systems for unauthorized use
      • Use system tools to apply patches
      • Stay timely with updates
      • Adhere to IT best practices


The Dangers of Malware

The Starwood and LANDESK hacks illustrate how malware is used to gain information—and possibly create permeable thresholds between hackers and enterprise—through point-of-sale and SaaS platform contacts.

While Starwood announced outright which commercial properties were impacted by the hack against that brand, LANDESK notes, “we can’t comment on the specifics of the investigation.”

It remains unclear whether secrecy or exposure is a better business tactic for containing reputation and asset damage to businesses under cyber attack. What is clear, though, is the importance of preventing such attacks.

At SecureLink, we focus on secure products for technology providers and enterprise to improve processes, reduce costs, and maintain network coherence. High definition audit service and defined user access give you fast, accurate information about your system—and who is using it. Whether you want to ensure secure contact with your vendors—or provide secure services to your client—SecureLink is the leader in remote access solutions.

Request a demo today to see third-party remote support software in action.
