Slashdot Mirror
Marriott Discloses Missing Data Files
An anonymous reader writes "Marriott International has admitted that it is missing backup computer tapes containing credit card account information and the Social Security numbers of about 206,000 time-share owners and customers, as well as employees of the company." From the Washington Post story: "Officials at Marriott Vacation Club International said it is not clear whether the tapes, missing since mid-November, were stolen from the company's Orlando headquarters or whether they were simply lost. An internal investigation produced no clear answer. The company notified the Secret Service over the past two weeks, and has also told credit card companies and other financial institutions about the loss of the tapes."
With $105 billion in this type of crime in 2005, I'm glad the Department of Homeland Security has had their budget cut to $16 million. That should stop those crooks!
The theory of relativity doesn't work right in Arkansas.
Unless your business model including some sort of recurring billing there is absolutely no justification for storing every digit of a credit card number. The first and last digits are more than enough for data matching purposes.
How we know is more important than what we know.
I believe this concerns time share loans, in which case a SSN would be required in the credit process.
The reason you're now hearing about is because states (California and others) have begun passing laws requiring companies to disclose these types of events.
They would need to keep the SSNs to share with their loan servicer(s?) and backup companies.
In most cases, when you take out a loan with somebody, your data is likely being shared with everybody they do business with related to the servicing of the loan... especially if you're a "high risk" customer (e.g., low credit score).
It is the Time Share division of Marriott, and they are required to have SSN's for those customers for mortgage interest reporting purposes.
AC for obvious reasons...
;-)). Anyway, the first day, FIRST DAY! I was working there I had access to all the back-up tapes for the past month with every guests name, address, phone number, what government agency/corporation they work for, and CC#'s/expiration dates. The tapes are all sitting in a filing cabinet in the front office.
I work the front desk at a competing 4-star hotel chain. I work the night shift ($10/hr to sit there babysitting the desk and reading/fiddling on my laptop, great job for students
So many people touch the tapes, front desk staff/accounting/reservations/IT, that if one went missing it would be impossible to track back to an individual. What's more, if I just picked up my own tape and made a dupe at night in 35 minutes while I'm there alone nobody would ever know.
This is a 400 room hotel in a major U.S. city, access to literally tens of thousands of names, addresses and associating credit card numbers, all for filling out a standard job application that I may or may not have filled out accurately. Unbelievable.
The Secret Service also serves as the branch of law enforcement that investigates financial fraud and counterfeiting. From The Secret Service web page:
"The Secret Service also investigates violations of laws relating to counterfeiting of obligations and securities of the United States; financial crimes that include, but are not limited to, access device fraud, financial institution fraud, identity theft, computer fraud; and computer-based attacks on our nation's financial, banking, and telecommunications infrastructure."
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
ABN Amro lost a tape with my data on it. The news was out that week. DHL found it, and even though the news agencies didn't cover it much, I got a follow-up letter from ABN Amro AND they extended the free credit tracking service from 3 months to 1 year.
Marriott on the other hand waited over a month before they even notified the Secret Service, for crying out loud.
No kudos to Marriott for this one. They're lucky that their month-long cover-up isn't criminal (yet).
-- "In order to have power, I must be taken seriously." -Mojo Jojo
Well, even if so...why did they keep the numbers? I've run into things where people wanted my SSN....which I pretty much refuse to give to anyone not associated with ssn taxes....but, to get around it...I just give a deposit in lieu of SSN.
As far as loans, they keep the numbers because if a person defaults on the loan that's the only data they have that's unique to the person who defaulted. For example, if the debt gets sold cheaply to a debt collection agency, the collection agency needs that number to track the person if the person moves somewhere else. "John Jones of 123 Main St. Anytown, USA" isn't very useful if John Jones moves to another state.
This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
Can anyone tell me why Marriot has the SSNs of Customers?
They probably don't. As the article says, the backup tapes contained credit card numbers and SSNs of workers, time share owners and customers. That reasonably means that they've lost the credit card numbers of time share owners and customers and the SSNs of time share owners and employees.
So they've lost this data, but it seems to me that they're being reactive in a positive way - they've notified the right people in government, they've contacted financial institutions and they've notified their customers, along with issuing a public statement about it.
The article claims that the data requires "special equipment" to retrieve the data - some comfort, I guess, unless that special equipment isn't just a DAT drive and a backup program.
I wouldn't call their measures "proactive", as did the Marriott spokesperson, but the company seems to be reasonably open about it.
-h-
They need to keep your SSN for tax purposes. Depending on your agreement, the loan to 'buy' your timeshare is considered a mortgage. So they need to report interest to the IRS. Not to mention, a credit agency is going to use your SSN to avoid simple name collisions.
As far as keeping your credit card number, they could be requiring it to cover maintenance fees or it's possible customers are automatically having their loan payments charged to their credit card. I do that with a couple of my monthly expenses so I don't have to write a check. (having both electronic withdrawals and automatic billing to credit cards, I prefer the latter)
While I suppose you can get around these by buying the timeshare outright, and prepaying maintenance fees, most customers do not want to do that.
It is amazing what you can accomplish if you do not care who gets the credit. -- Harry Truman
Someone mentioned obscurity through hardware regarding backups.
I'm about 95% sure that this group of Marriott is running the D3 database (formerly known as The Pick System, O/S, etc.) It's been a few years since I have spoken with them, but they used to be my client.
D3 in and of itself would provide some level of obscurity, as the "Pick" data format is unique, with embedded metacharacters to delimit it's "Multi-value" item (record) structure, plus, a unique storage method for tape archives.
The possible bad news is that Pick data structures are all ASCII, including it's tape backups, unless Marriott had saved these as "binary backups", which would then only be useful for restoration on the exact same machine configuration from which it was saved. So it's likely these are in what is known as "file-save" tapes.
And there is no intrinsic encryption available in D3, so that is off the table.
So, someone with malicious intent who got their hands on these would have to either know D3 or be able to read blocks off the tapes and try to noodle out how to extract the data to make any use of it.
Or, they could just cheap version of D3 and restore the tapes, then have a data orgy with D3's terrific inherent natural language reporting.
If you encrypt a database backup and there is an error on the tape, the backup could easily be useless.
Only under certain modes of block cyphers. If you use an electronic code book mode of a block cipher you only lose the block with the error on it. It's not as secure of course, but it's a lot better than nothing.
AccountKiller
> A single block error could render an entire encrypted archive useless.
Huh? Where in the world did you come-up with that?
That would only be true if your encryption uses CBC (Cipher Block Chaining) mode. That's where you XOR each block with the ciphertext of the previous block. An error in one block affects that block and every subsequent block like you describe.
When you use ECB (Electronic Code Book), the regular DES algorithm, you encrypt each 64-bit block independently. Errors only affect the data in the block containing the error. This is the faster and easier to implement than CBC mode so it's what a lot of products use.
I've seen a couple of companies play around with using encryption on their backups, but they stopped for the same reason I've seen more intentionally not use it. You don't want to pull-out a tape from a library and not be able to read it. Do you really want to keep-up with a list of passwords for a decade or more? Would you want to be the IT director someone that has to tell a CEO that the $250k you've spent on backup tapes and storage costs was for naught since you can't read the tape? I saw a CTO fired for exactly that.
Of course since I'm responding to a register user, I'll be marked as a troll or flamebait so this response will never be read. I don't know why I bother posting on this cesspool. Posts like the one I'm replying to that are just plain wrong are given points, but the best posts are given -1's if they're from people that aren't logged-in.
Not to mention, a credit agency is going to use your SSN to avoid simple name collisions.
Maybe in your world it's okay for SSN's to be routinely dancing around in credit agency computers to prevent 'simple name collisions' but not in mine.
They're in big trouble if the only 'tag' they have to distinguish between customers is the SSN. There aren't that many cases where people with a common street address have the same exact name. They can use Zipcode+4 if they really have that shaky a system that they need a distingushing number to use.
resigned
They're providing free credit monitoring services to those affected. That's more proactive than most companies, who usually do little more than notify the affected people.
You can never go home again... but I guess you can shop there.