Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security

Hotel Giant Marriott Confirms Yet Another Data Breach (techcrunch.com) 15

Posted by msmash from the security-woes dept.
Hotel group Marriott International has confirmed another data breach, with hackers claiming to have stolen 20 gigabytes of sensitive data including guests' credit card information. From a report: The incident, first reported by Databreaches.net Tuesday, is said to have happened in June when an unnamed hacking group claimed they used social engineering to trick an employee at a Marriott hotel Maryland into giving them access to their computer. "Marriott International is aware of a threat actor who used social engineering to trick one associate at a single Marriott hotel into providing access to the associate's computer," Marriott spokesperson Melissa Froehlich Flood told TechCrunch in a statement. "The threat actor did not gain access to Marriott's core network."
This discussion has been archived. No new comments can be posted.

Hotel Giant Marriott Confirms Yet Another Data Breach More

Hotel Giant Marriott Confirms Yet Another Data Breach

Comments Filter:

  • Who cares whether or not they got access to Marriott's "core network"? Clearly that's not where the credit card data is.

    • Re: (Score:2)

      by WallyL ( 4154209 )
      Agreed. The "core network" doesn't sound very important. The customer credit card data are.
  • Why design information technology systems correctly when you can save money by keeping gigs of PII and payment data unnecessarily within reach of a hotel employee?

  • why keep it (Score:4, Interesting)

    by bugs2squash ( 1132591 ) on Wednesday July 06, 2022 @12:31PM (#62678460)
    Why do they even keep the CC data after they have run the card, they should maybe keep a reference that the card company gives them that verifies the block on the card. What other data did they keep ?

    • They're just lazy. I hope people go after them and companies like them in a class action lawsuit.

      • I, a small merchant, and constantly threatened with death and damnation not from the government, but the big three card carriers if I do anything anti PCI... like, they can fine me themselves... 5-20k on first offense depending on how offensive a rule break...

        how is it that their agreements with hotel companies are not equally restrictive /written up as such... seriously...

      • Re: (Score:2)

        by gweihir ( 88907 )

        Indeed. It is time this classifies as clear proof of gross negligence unless they can prove otherwise.

    • Thus mandating data privacy laws (Score:5, Insightful)

      by pr0t0 ( 216378 ) on Wednesday July 06, 2022 @12:43PM (#62678504)

      At least in the United States, if not globally.

      Until there is strong, bi-partisan, congressional support for data privacy, as well as extremely harsh penalties for transgressions; there will never be a year without headlines like this. Never.

      I also do not think I will ever see something like that in my lifetime, unless half of congress is swept up in the breach and consequently suffers damages of time and money.

    • I participated in a tokenization project c. 2006 so we could get a token and immediately delete credit card data.

      Marriott is clearly not playing by the same rulebook.

    • Re: (Score:1)

      by Tablizer ( 95088 )

      A bank reference number and the last 4 digits as a cross-check.

  • the local desk clerk has that much info?
    You don't need hackers when an low level front line worker has CC numbers and other customer info like that.

  • At least they're being referred to as "threat actors", not "hackers".

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close