Slashdot Mirror
Marriott Discloses Missing Data Files
An anonymous reader writes "Marriott International has admitted that it is missing backup computer tapes containing credit card account information and the Social Security numbers of about 206,000 time-share owners and customers, as well as employees of the company." From the Washington Post story: "Officials at Marriott Vacation Club International said it is not clear whether the tapes, missing since mid-November, were stolen from the company's Orlando headquarters or whether they were simply lost. An internal investigation produced no clear answer. The company notified the Secret Service over the past two weeks, and has also told credit card companies and other financial institutions about the loss of the tapes."
Can anyone tell me why Marriot has the SSNs of Customers?
Time-share owners, maybe, employees definately, but customers? Why?
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
We can only hope these tapes have been misplaced or actually lost rather than stolen for the information they contain.
;)
All backups should be done on VERY obscure hardware to reduce the danger of things like this
If the crooks can't read the tapes theres no problem (same goes for strong encryption)
liqbase
I stayed in a Holiday Inn Express last night.
With $105 billion in this type of crime in 2005, I'm glad the Department of Homeland Security has had their budget cut to $16 million. That should stop those crooks!
The theory of relativity doesn't work right in Arkansas.
8th post! On a more serious note, even if this data was lost through no fault of Marriott's (stolen, say), I think this points out the need to legislate a consumer notification requirement. If there is a reasonable chance that my name and info are on one of those tapes, I think Marriot has the obligation to let me know. They will never do so without being compelled.
Regards, John Hancock.
Mid November? I think some people would have wanted to know sooner. Why are we just now finding out about this?
Comment removed based on user account deletion
Now wifey will never know.
Back in ancient days (pre-500 AD for example), it was not a rare thing for vaguely look-alike, or not even look-alike people, to claim to be someone famous/important in a village or town where nobody could invalidate the claim (or those who would validate it were being duped or willing participants).
This is a quite old crime. The difference is that now identity theft of everyday people can be lucrative, and you don't even need to look like them or deal with tricking others. And you don't have to worry about being lynched or stoned, just going to jail.
Hunt your preferred prey at Aliens vs Predator MUD. Join the war at avpmud.com port 4000
The reason you're now hearing about is because states (California and others) have begun passing laws requiring companies to disclose these types of events.
Let me ask a simple question: Why don't they encrypt this stuff?
Many companies out there wouldn't even know if their tapes had been misplaced or lost. At 3 companies I've worked for, we've had tapes lying around in managers' offices and server rooms, many that contain information that could be used for identity theft.
Marriott has handled this correctly and deserves some credit for doing so. At least they're not trying to cover it up like some companies would.
You have enemies? Good. That means you've stood up for something, sometime in your life. --Winston Churchill
I'm glad to read Marriot is offering credit fraud monitoring to the affected people like how Ford offered to its employees when they recently lost 70,000 employee/retiree SSNs. Unless it is lifetime monitoring I fail to see the long term value.
Wait a second, why don't the credit bureaus offer free lifetime credit fraud monitoring to everyone in the first place?
Speak truth to power.
After all has been said and done, it honestly appears that Marriott International has taken the appropriate steps in this situation: they performed an internal search, then notified not only the authorities but also credit institutions. This helps to mitigate any misuse of this information as quickly as possible. They even did this before making it public, so that as much progress in discovering what has actually happened could occur before everyone (possibly including the perpetraitors) was aware.
Kudos to a company not ignoring problems but handling them directly!
Why worry about government spying when corporations can simply bungle your personal info out into the wild? (Bunge in the jungle, if you will).
ELOI, ELOI, LAMA SABACHTHANI!?
This is exactly the reason why we never make backups. What does not exist, cannot be stolen :)
Slashdot needs to keep up on the news better. I saw this on the drudge report a week ago!
Forgive me for being uninformed, but why would the Secret Service be the agency responsible for investigating this type of incident?
Unless Valerie Plame had a timeshare.....
-- If you try to fail and succeed, which have you done? - Uli's moose
I read about this in the post almost a week ago. Its finally posted to slashdot on a Sunday, and a "holiday" Sunday at that.
Discuss.
</Linda Richman>
AC for obvious reasons...
;-)). Anyway, the first day, FIRST DAY! I was working there I had access to all the back-up tapes for the past month with every guests name, address, phone number, what government agency/corporation they work for, and CC#'s/expiration dates. The tapes are all sitting in a filing cabinet in the front office.
I work the front desk at a competing 4-star hotel chain. I work the night shift ($10/hr to sit there babysitting the desk and reading/fiddling on my laptop, great job for students
So many people touch the tapes, front desk staff/accounting/reservations/IT, that if one went missing it would be impossible to track back to an individual. What's more, if I just picked up my own tape and made a dupe at night in 35 minutes while I'm there alone nobody would ever know.
This is a 400 room hotel in a major U.S. city, access to literally tens of thousands of names, addresses and associating credit card numbers, all for filling out a standard job application that I may or may not have filled out accurately. Unbelievable.
that if these large corporations can't be trusted to play with their computers safely, maybe they should have them taken away. At the very least, I think some adult supervision should be required by law. And if that doesn't work, send them back to using typewriters and filing cabinets.
The higher the technology, the sharper that two-edged sword.
A report (with pretty graphs) from a recent financial engineering class. Data was from Feb to Sep 2005...
The 83 recorded loss events were categorized by loss event type and by industry sector. The data is relevant over 232 days. This yields a probability of a loss event occurring in any sector on any given day 35.7%. If only events affecting financial services institutions are counted, the probability is 7.5%.
http://privacydata.michaelaiello.com/paper.pdf
Bring forth the math corrections
and maybe I'm just ignorant, but WHY DON'T THEY ENCRYPT ALL THAT INFORMATION WHEN IT LEAVES THE MAIN DATA WAREHOUSE? It seems to me that by encrypting its contents, you put some security around it should it be lost/stolen/etc. Can anyone explain why this isn't done?
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
Data retained falls into the wrong hands. Lets all sit around silently twiddling our thumbs until that data stops being your financial and residency data and starts being your movement data
Hooray for data retention
Rich Gentlemen Hide - The Existential Comic
1. The tape monkey didn't make the backups in the first place and tried to cover his ass by reporting them stolen. 2. The tape monkey re-used the tapes for another backup session. 3. The janitor stole the tapes thinking that it may be a porn movie. 4. The CFO took the tapes to hide a case of insider trading. 5. The CEO took the tapes thinking that they are from the security cameras and he didn't want a trist exposed. 6. ???
Oh well, what the hell...
AFAIK timeshares have pretty bad reputation because of the shady methods of selling them. So, many people who had their identity stolen may have already been (perfectly legally) swindled.
It is amazing the number of companies I have done consultation for where the person that is responsible for the tapes has no idea how much information is on them. I have heard of people leaving them in their car unlocked over the weekend, or while they shop. Not to mention the fact that extreme heat, and cold can destroy the things...anyone could come along and steal them.
Some years back when at University, we did a case study on an IT project that Marriott did in partnership with Rental car agencies - a booking system tie in.
It was terribly over budget, and delayed a long time.
A significant factor was the project manager lieing about timeline milestones and being within budget.
Later, once it was too late, a report slammed marriot for not reviewing the project reports, which stated time and time again that "all is well". Marriott had next to no QC or risk analysis. They allowed it to be a free wheeling disaster.
No particular point to this, but reading "Marriott" bought back memories.
In post Patriot Act America, the library books scan you.
copyright all your personal information. There's more but that is one way to go about it.
Inform anyone who has YOUR information that it is YOURS, not theirs, and it is only authorized for them to use it for the one initial transaction you had with them, one time when you do business with them, then they must delete it or alter it so it isn't complete, leaving only enough to match with some other records for further transactions. Tell them quite clearly that it isn't theirs to trade, sell, store, transfer, etc.
If they lose it, abuse it, sell it, swap it, etc, sue them see:**AA type action
Use the jerkoffs laws and regulations right back at them. Don't let corporations buffalo you, they are moribund pussies in reality, the bigger they are the more they won't want to deal with one hardass case and you'll get what you want.
It's time people got proactive with THEIR DATA, it is not these bunghole companies data afterall, you have just failed to protect your data because no one told you that it was your data. THAT'S why these various companies don't give a care about your stuff, because you've de-balled yourself in front of their business smoke and mirrors leetness, due to universal consumer brainwashing and learning to be a good corporate serf under the United Snakes of AmeriKKKa pseudo rules. They only tell you enough to be a slave and THAT'S IT. That's why you have to take it without any K-Y all the time, you agreed to be a slave by default while you were busy elsewhere with your manga and football and bittorrented tunes and other bread and circuses action they throw over the fence at you to keep you amused when they aren't working you.
If YOUR data gets compromised it is YOUR fault. If you "trust" your data to a group of buffoons, are you surprised when buffoonery occurs?
When joe shopkeep wants my data, especially SSN, I say NO, tell them why, tell them that SSN is only for government tax/social security account purposes, and if they aren't in the government tax/social security account business it is none of their business. I have yet to be refused service, although most of the time I have to rant my way upstream several layers to get past the poor clerk. It becomes fun sometimes....
Don't be afraid of this barely skilled job called "the law", the lawyers guild is another almost total scam industry that seeks to keep knowledge obscured and obfuscated. The deal is, the big secret they don't want you to know, is that it isn't closed source. You got the code, just use it. Everything you need to find out or know is available. It's just WORDS, that's all, words, and which official form to use. Nothing all that special, not hard to learn what you need to conduct your business if you just chop it down to size and take it step by step. To be a specialist, sure, it can be hard, but for specific purposes, just look it up! You have the net, it used to be harder, but today it is easy. If you can spend the time and skull sweat to learn some totally lame childish videogame, you are smart enough and can learn enough law to help yourself immensely. If you can set up a linux network, you can learn some law. If you can admin samba or apache, you can learn some law, it's actually easier.
Now I expect some "professional" lawyer FUD. thwaaappppppTT! Come back when you are a plumber or master carpenter, when you have a real skill, then I'll be impressed.
This shouldn't be happening. Recently, all of my parents' information was "lost" as well. Not by Marriott, but by my the mortgage company. Apparently, it was with the courier and then *gone*. Yeah. The best they could do was offer some tips to avoid _future_ identity theft.
Fun Zoid RPG
Identity theft is a growth industry. The demands by government for ever increasing rights to track its citizens coupled to the fetish corporations have for tracking their customers are just now providing the means for massive, efficient criminal use of stolen identities.
There are now criminal organizations that are eagerly recruiting IT people and when the mix is right my guess is we'll see some staggering criminal activity.
"Academicians are more likely to share each other's toothbrush than each other's nomenclature."
Cohen
This was in the papers LAST WEEK. To add to this, by law they have to notify every person that potentially has their identity stolen. Marriott has yet to do this.
Someone mentioned obscurity through hardware regarding backups.
I'm about 95% sure that this group of Marriott is running the D3 database (formerly known as The Pick System, O/S, etc.) It's been a few years since I have spoken with them, but they used to be my client.
D3 in and of itself would provide some level of obscurity, as the "Pick" data format is unique, with embedded metacharacters to delimit it's "Multi-value" item (record) structure, plus, a unique storage method for tape archives.
The possible bad news is that Pick data structures are all ASCII, including it's tape backups, unless Marriott had saved these as "binary backups", which would then only be useful for restoration on the exact same machine configuration from which it was saved. So it's likely these are in what is known as "file-save" tapes.
And there is no intrinsic encryption available in D3, so that is off the table.
So, someone with malicious intent who got their hands on these would have to either know D3 or be able to read blocks off the tapes and try to noodle out how to extract the data to make any use of it.
Or, they could just cheap version of D3 and restore the tapes, then have a data orgy with D3's terrific inherent natural language reporting.
My company's credit union clients are being encouraged by both us and the NCUA to encrypt their tape backups. Our software runs on OpenVMS and we are reselling HP's Encryption software and training the CUs to use it. Their data can thus be reasonably well secured when exposed enroute to their offsite storage or to us for their disaster recovery testing. Unfortunately, some of our clients use third parties as their DR and some of them, despite their huge size and supposedly sophisticated facilities, can't seem to support this encryption product although it is now included with OpenVMS 8.2.
Gamingmuseum.com: Give your 3D accelerator a rest.
They don't do free monitoring, but if you're willing to do the legwork of monitoring yourself, you can monitor your credit file yourself, free of charge. clicky
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
In one of my first jobs as a programmer my first assignment was to go to a local ISP and help them restructure their customer database. So on my first day I ask the lead programmer to give me the DB structure. End of the day comes and he hands me a disk. I get back to the office and find that it contains the ENTIRE DATABSE: ~100,000 names, addresses, CC numbers, and SSN's. (After that we did an extensive security audit of their software...)
All backup software should encrypt the backups. Unfortunately, backup software is still very primitive.
Backup software should also automatically do a compare and determine if the backup is actually usable. In about 5% of our tests, Acronis TrueImage software, for example, has made a backup that it won't read.
It's simple enough to solve Marriot's problem. Pass a law that anyone storing more than 100 credit card numbers must use encryption. Provide cross-platform open source backup software that meets the requirements of the law. The law should provide guidance concerning the keeping of the passwords.
And, no, you can't copyright your name either.
And before you start ranting, no, I'm not a lawyer, I'm actually an electrician. (My sister is a lawyer, though, and was recently involved in a case where the plaintiff attempted to copyright his name & address, and then sue her employers for copyright infringement.)
Have you been touched by his noodly appendage?
With the frequency of big companies losing personal data, if they were required to report it to us, we'd get so many useless form letters that it would all mean nothing. In practice, the great majority of identity theft involves small-scale cons, not backup tapes. Identity thieves do not have the motivation to systematically rip off large numbers of people. (Those with such skills inevitably find a way to manage a big company, or run for elected office.)
The great majority of identity thieves are skimming credit card account numbers at the restaurant point of sale, dumpster diving, or phishing for grandma's personal information.
It's realistic to expect that there is sensitive data out there - the answer is not to say "don't store my SSN", although that should certainly be restricted.
It seems to me that the answer is ENCRYPTION! Encrypt the data and you can back it up on fucking postcards and send it to my grandmother for all I care..
Additional comments to my parent post:
Companies storing sensitive data could be expected to use software that provided error correction codes (like those generated by ICE ECC).
Laws about this would enable companies to spend the money without worrying that they were making themselves uncompetitive because of expenses. They would know their competitors must do it also.
Top managers are generally not wise about technology; they need someone to guide them toward doing the right thing.
When backing up, generate a random "tape" key. Encrypt this "tape key" using a block cipher and your official key. Store the encrypted tape key several times at several locations on the tape. The locations of the key must be known without needing to read the tape to find them.
With that set up, encrypt the main contents of the tape with a stream cipher (say, RC4) with the tape key.
This way, damage to a certain area of the tape will not result in a complete loss of data. Using a random key for each tape eliminates the big cryptographic no-no of using a stream cipher key twice.
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Well, the SSN is not actually confidential information. Most of the shop workers, hospital workers, school workers etc can access tens or even hundreds social Security Numbers.
anyone involved in a timeshare is a shifty person anyway. meet your maker, suckers.
Marriott sent our one of four letters, depending on your status...lost data, safe data, etc. ALL had offers of Free Credit monitoring, etc.
All in all, Marriott did a good job handling this, and taking care of their timeshare owners.
I got the letter telling me my data was safe...
I'm not a troll, but I play one on Slashdot.
As someone who has to make sure the fucking robot is doing its job, and those charged with sticking tapes in and pulling them out are working properly as well (robot is a hunk of crap, the guys are reliable)
Add a smart card to the drives themselves, once inserted it is paired with the drives, and the cards could be programmed by a third party (similar to a directv setup) All data would be encrypted according to the cards and tapes would be readable by all the drives with matching cards, and it would be possible for new cards to be issued in a DR situation, or even an unpaired one to be kept on hand in a safe.
On the software side there is just too much to go wrong, making it a hardware solution would make it a rpyal PITA for an unauthorized person to get at the data and it would be easy for an authorized person to order a new card if a drive were to flip out, a pair of scissors would ensure that drive leaves the premesis w/o the ability to read a tape.
With the price of these systems, it isn't that money is no object, it's that the added expense of a smart-card on every drive would add very little to the overall price 10K extra would not be absurd. The big multi-proc machine as well as the big ass robot make 10K look cheap. Then the tapes are ~100/pc plus what the daily pickup and storage service charges. Something like $5000 worth of tapes will never come back to the building unless recalled, some will come back years later, some months to be rewritten, then there are the tapes that hit the comfortable write limit. So that's quite a bit of money floating to keep backups going, and every tape is accounted for, signed out tracked etc......other things may not always be 100% but backups must be. Add the stupid smartcard and things would be much less paranoid.
Salt would be useless. You need to use paprika!
Marriott soon-to-be-ex SA: "Um, didn't they already come this week?"
.. This is just another of many many cases of digital leakage of data on human beings. Data that may be used to thenm harm the party the information is about,
What do you suppose the solution direction is going to be, considerning that even having some sort of unique ID won't stop worngful use of such information?
If you're really a champion of civil rights and individual liberties, the first thing you'd support is MASSIVE tax cuts to starve that liberty-reducing government of resources.
And the last thing you'd support is ANY new government program.
These arguments miss the real point.
You have permitted a government to define, control and essentially own your identity.
There is no commercial or honest need for this.
Most of us using Slashdot have multiple identities (user names) for the different boards we log into on the net. For each one we have established a reputation for good or ill that serves as our good-will or "credit" on that board.
If the government wishes to issue a Tax ID, OK. But only I and they need to know it.
If a credit company wishes to issue a credit ID to track my credit history, maybe OK, but they do not need to know my SSN, or even if I have one.
I'll go farther: no one needs to know my real name, or even if I have one.
Only those with a purient lust to know about others "need" to know everything. Rememeber that such lusts are insatiable, and that tolerating them feeds them. You ain't seen nothin' yet.
There is not nearly enough love in the world, but there is far too much trust.
Is your sister hot?
Not quite. SSN for identification (read "user id") is what it is designed for.
The problem is all the entities that improperly use it as an AUTHENTICATOR (read "password"). That would assume there is some sort of private information known only to myself in my SSN. On the contrary, there is very little private about your SSN. And the only way forward is to start treating the SSN as nothing more than an identifier. Make it unvaluable.
However, a good universal authenticator is needed. Biometrics might be an avenue, but how do you get prevent replay problems?
Hi Melissa,
Sorry to digress from the topic. I've read your 'VS8 has so many problems' post, it's VERY useful.
BTW, VC has has built-in variable-sized stack allocation: void *_malloca(size_t size); Allocates memory on the stack. This is a version of _alloca with security enhancements as described in Security Enhancements in the CRT. I used _alloca() a lot sincelong time ago. I hope it'll be useful to you too.
You also wrote:
- VC8 does not have __asm in x64. This is a terrible mistake. It would have been very easy for Microsoft to have implemented this feature (it's not very different from x86)! This is the most severe problem my company has with Visual Studio 8. We have resorted to using a GCC cross-compiler to compile our x64 C programs with embedded x64 assembly language.
I agree. Could you share with me some build or Makefile samples on how use GCC this way? I am trying to do the same (compile our x64 C programs with embedded x64 assembly language on x64). My email: abereznyi@hotmail.com
Thanks, Alex