Hotel Giant Marriott Confirms Yet Another Data Breach (techcrunch.com) 15
Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data including guests' credit card information. From a report: The incident, first reported by Databreaches.net Tuesday, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott hotel Maryland into giving them access to their computer. "Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate's computer," Marriott spokesperson Melissa Froehlich Flood told TechCrunch in a statement. "The threat actor did not gain access to Marriott's core network."
Where the good data is (Score:2, Insightful)
Who cares whether or not they got access to Marriott's "core network"? Clearly that's not where the credit card data is.
Re: (Score:2)
Least Privileged Elites (Score:2)
why keep it (Score:4, Interesting)
Re: (Score:2)
They're just lazy. I hope people go after them and companies like them in a class action lawsuit.
Re: (Score:2)
I, a small merchant, and constantly threatened with death and damnation not from the government, but the big three card carriers if I do anything anti PCI... like, they can fine me themselves... 5-20k on first offense depending on how offensive a rule break...
how is it that their agreements with hotel companies are not equally restrictive /written up as such... seriously...
Re: (Score:2)
Indeed. It is time this classifies as clear proof of gross negligence unless they can prove otherwise.
Thus mandating data privacy laws (Score:5, Insightful)
At least in the United States, if not globally.
Until there is strong, bi-partisan, congressional support for data privacy, as well as extremely harsh penalties for transgressions; there will never be a year without headlines like this. Never.
I also do not think I will ever see something like that in my lifetime, unless half of congress is swept up in the breach and consequently suffers damages of time and money.
Re: (Score:3)
I participated in a tokenization project c. 2006 so we could get a token and immediately delete credit card data.
Marriott is clearly not playing by the same rulebook.
Re: why keep it (Score:3)
Re: (Score:1)
A bank reference number and the last 4 digits as a cross-check.
the local desk clerk has that much info? (Score:2)
the local desk clerk has that much info?
You don't need hackers when an low level front line worker has CC numbers and other customer info like that.
Threat actors, huh? (Score:2)