For now, there are more questions than answers regarding Marriott's announcement of a far-reaching breach of the Starwood guest reservation database.
But along with uncovering the "how" and "who" of this latest attack, the hospitality industry as a whole needs to take seriously the vulnerabilities it has for future security incidents.
Long before Marriott Internationaldisclosed a massive security breach, the hotel industry had earned the dubious reputation as a hospitable place for hackers.
Thieves have skimmed credit cards, looted loyalty accounts, and mounted complex schemes to trick clerks into downloading malicious software.
In one elaborate series of attacks known as DarkHotel, networks at individual properties were hijacked to spy on corporate executives and politicians.
In a cruder ploy, crooks have even seized control of a keyless entry system, locking down rooms until the hotel owner paid a ransom.
Now, as Marriott grapples with the fallout from its November 30 disclosure that as many as 500 million guests had their data exposed to hackers, there is a growing sense that an industry whose bedrock business is providing real-world security isn’t equipped to look after its guests in cyberspace.