Equifax and Marriott CEOs Testify About Security Breaches

U.S. Senators grilled Equifax and Marriott CEOs about data breaches at the companies in the past two years. Equifax CEO Mark Begor responded to questions following a Senate subcommittee report titled, “How Equifax Neglected Cybersecurity and Suffered a Devastating Data Breach.” The report concludes an investigation of the 2017 breach of 143 million customers’ personal data and accuses the company of not prioritizing security, not following its own patching policies, failing to notify the public in a timely manner, and more.

Begor defended the company and blamed the increasing sophistication of hackers:

“These attacks are no longer just a hacker in the basement attempting to penetrate a company’s security perimeter, but instead are carried out by increasingly sophisticated criminal rings or, even more challenging, well-funded nation-state actors or military arms of nation-states.”

But Senators pointed out that credit company competitors Experian and TransUnion have managed to avoid similar attacks.

The Marriott breach affected 83 million guests of Starwood, which Marriott acquired after the breach took place. Compared to the Equifax situation, Marriott got a pass from senators, such as Tom Carper of Delaware, who said, “The data breach announced by Marriott this past November does not appear to have been caused by the same cultural indifference to cybersecurity the record indicates existed at Equifax. Rather, it looks like Marriott inherited this breach from Starwood.”

Marriott has been consistent in blaming Starwood for the issue, wanting to preserve the brand. In his testimony, CEO Arne Sorenson reinforced the company separation:

“We conducted an assessment on integrating the two systems, although this inquiry was legally and practically limited by the fact that until the merger closed, Starwood remained a direct competitor.”

Here is Sorenson interviewed on CNBC:

Discussion:

  • Watch some of the testimony. How well did each CEO handle the Senators’ questions?

  • Assess Sorenson’s appearance on CNBC. What did he do to try to rebuild the company’s image? What persuasive strategies did he use?

  • Review the subcommittee’s report on the Equifax breach. How is the report organized? How would you describe the writing style and tone? What suggestions would you have for the authors to improve readability?

  • From your perspective, what leadership character dimensions do the CEO illustrate or fail to illustrate?