Sign up for our weekly newsletter!
REGISTER NOW
Comments
Newest First | Oldest First | Threaded View
Susan Fourtané
Susan Fourtané
1/12/2019 3:58:38 AM
User Rank
Guardian
Re: No need for a hotel to store such data in their system
That's a good question. Of course the details of this case will remain private. But it would good to know. 

50%
50%
mhhfive
mhhfive
1/6/2019 1:21:19 PM
User Rank
Guardian
Re: No need for a hotel to store such data in their system
I have to wonder who actually designed/built Marriot's customer database system. I assume it wasn't home-grown, but built by an outside contractor with more technical expertise than a hotel chain. If so, it should highlight the dismal privacy design in software development services in general. And I would hope that GDPR might help to educate tech firms -- but will the contractors be held liable?

50%
50%
Susan Fourtané
Susan Fourtané
1/6/2019 8:16:52 AM
User Rank
Guardian
No need for a hotel to store such data in their system
Thanks for the update. I also wonder if this case affected the number of bookings they have had after the breach was made public. 

There is no need for a hotel to ask for so much information, keep it, and store it. Any of the following guests' information should be stores under any cirmustances by any hotel: mailing addresses (Really?What for?), phone numbers, email addresses, passport numbers, Starwood Preferred Guest ("SPG") account information, dates of birth, genders, arrival and departure information, reservation dates, and communication preferences. 

I have questioned this a few times after checking-out and have asked them to delete my information from their system, which they said they would. 

" ... the hotel chain did find that 5.25 million unencrypted passport numbers were stolen during the breach, and that whoever was behind the attack also accessed about 20.3 million encrypted passport numbers, as well." Again, why does a hotel have to store all those passport numbers to begin with? 

 

50%
50%


Latest Articles
A new report by the US Government Accountability Office could be the catalyst for meaningful change on the Internet privacy front.
The kinds of threats an organization encounters are changing as the defenses that are brought to bear upon them change.
Russian threat actors were the most prolific last years – and were eight times faster at 'breaking out' than their nearest rival.
Cloud projects are big. Huge. So it's not perpetuating FUD to point out that cloud transformation still bears security and data-stewardship risks. But what appears too big a challenge for mere man might be no match for machine.
Zero-day vulnerabilities are serious, and on the rise. And IT-security teams make the problem worse when they fail to respond, or respond poorly, to responsible vulnerability disclosures.
Flash Poll
Video
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
Radio Shows
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2019 Light Reading - an Informa business, trading within KNect365 US, Inc. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with