Comments
Susan Fourtané
1/12/2019 3:58:38 AM
User Rank
Guardian
Re: No need for a hotel to store such data in their system
That's a good question. Of course the details of this case will remain private. But it would be good to know.

mhhfive
1/6/2019 1:21:19 PM
User Rank
Guardian
Re: No need for a hotel to store such data in their system
I have to wonder who actually designed/built Marriott's customer database system. I assume it wasn't home-grown, but built by an outside contractor with more technical expertise than a hotel chain. If so, it should highlight the dismal privacy design in software development services in general. And I would hope that GDPR might help to educate tech firms -- but will the contractors be held liable?

Susan Fourtané
1/6/2019 8:16:52 AM
User Rank
Guardian
No need for a hotel to store such data in their system
Thanks for the update. I also wonder if this case affected the number of bookings they have had after the breach was made public. 

There is no need for a hotel to ask for so much information, keep it, and store it. Any of the following guests' information should be stored under any circumstances by any hotel: mailing addresses (Really? What for?), phone numbers, email addresses, passport numbers, Starwood Preferred Guest ("SPG") account information, dates of birth, genders, arrival and departure information, reservation dates, and communication preferences.

I have questioned this a few times after checking-out and have asked them to delete my information from their system, which they said they would. 

" ... the hotel chain did find that 5.25 million unencrypted passport numbers were stolen during the breach, and that whoever was behind the attack also accessed about 20.3 million encrypted passport numbers, as well." Again, why does a hotel have to store all those passport numbers to begin with? 

 



Copyright © 2019 Light Reading - an Informa business, trading within KNect365 US, Inc. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use