Marriott data breach cost the hotel chain only $3 million in net expenses (so far)

The massive data breach incurred by Marriott in November 2018 has cost the world’s biggest hotel chain only a scant $3 million so far, after the company’s insurer covered most of the costs associated with the hack.

AWS Builder Community Hub

Marriott’s earnings papers for 2018 reveal that the hotel chain has “recognized $25 million of insurance proceeds” related to the incident, with an additional $3 million in net expenses. Marriott reported a net income of $497 million (a 23% increase YoY) for Q4. Earnings before interest, taxes, depreciation, and amortization (EBITDA) was $864 million. From Marriott’s press release:

“In the 2018 fourth quarter, the company incurred $28 million of expenses and recognized $25 million of insurance proceeds related to the data security incident it disclosed on November 30, 2018.  The $3 million of net expenses are reflected in either the Reimbursed expenses or Merger-related costs and charges lines of the Statements of Income, which have been excluded from adjusted net income, adjusted EPS and adjusted EBITDA.”

CEO Arne M. Sorenson said the integration of Starwood (whose very acquisition was key to the embarrassing breach) is nearly complete, and that customers are enjoying “meaningful benfits” as a result of the new Marriot Bonvoy loyalty brand.

It remains to be seen what other costs Marriot will incur down the line, including reputational damage, as a result of the November 2018 breach. The incident, four years into the making, was presumably an APT, where adversaries typically conduct sophisticated hacks while remaining undiscovered for long periods of time.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at: