Slashdot Mirror

← Back to Stories (view on slashdot.org)

Marriott Discloses Missing Data Files

Posted by Zonk on from the i-seem-to-have-misplaced-this-small-item dept.

An anonymous reader writes "Marriott International has admitted that it is missing backup computer tapes containing credit card account information and the Social Security numbers of about 206,000 time-share owners and customers, as well as employees of the company." From the Washington Post story: "Officials at Marriott Vacation Club International said it is not clear whether the tapes, missing since mid-November, were stolen from the company's Orlando headquarters or whether they were simply lost. An internal investigation produced no clear answer. The company notified the Secret Service over the past two weeks, and has also told credit card companies and other financial institutions about the loss of the tapes."

8 of 162 comments (clear)

  1. Great. by User+956 · · Score: 3, Informative

    With $105 billion in this type of crime in 2005, I'm glad the Department of Homeland Security has had their budget cut to $16 million. That should stop those crooks!

    --
    The theory of relativity doesn't work right in Arkansas.
    1. Re:Great. by Dhalka226 · · Score: 4, Informative

      I'm glad the Department of Homeland Security has had their budget cut to $16 million.

      That's misleading. Their RESEARCH budget for CYBERSECURITY is cut to $16 million, and that's only down 7% from last year, which means under $2 million in cuts.

      You can argue it should be higher if you wish, but don't make it sound like the entire DHS--or even cybercrime enforcement in general--is funded that sparsely.

  2. Re:why do they have SSNs for customers? by QuantumG · · Score: 4, Informative

    Unless your business model including some sort of recurring billing there is absolutely no justification for storing every digit of a credit card number. The first and last digits are more than enough for data matching purposes.

    --
    How we know is more important than what we know.
  3. Re:why do they have SSNs for customers? by Pampusik · · Score: 3, Informative

    I believe this concerns time share loans, in which case a SSN would be required in the credit process.

  4. Re:why do they have SSNs for customers? by Pampusik · · Score: 3, Informative

    They would need to keep the SSNs to share with their loan servicer(s?) and backup companies.

    In most cases, when you take out a loan with somebody, your data is likely being shared with everybody they do business with related to the servicing of the loan... especially if you're a "high risk" customer (e.g., low credit score).

  5. That's nothing... by Anonymous Coward · · Score: 5, Informative

    AC for obvious reasons...

    I work the front desk at a competing 4-star hotel chain. I work the night shift ($10/hr to sit there babysitting the desk and reading/fiddling on my laptop, great job for students ;-)). Anyway, the first day, FIRST DAY! I was working there I had access to all the back-up tapes for the past month with every guests name, address, phone number, what government agency/corporation they work for, and CC#'s/expiration dates. The tapes are all sitting in a filing cabinet in the front office.

    So many people touch the tapes, front desk staff/accounting/reservations/IT, that if one went missing it would be impossible to track back to an individual. What's more, if I just picked up my own tape and made a dupe at night in 35 minutes while I'm there alone nobody would ever know.

    This is a 400 room hotel in a major U.S. city, access to literally tens of thousands of names, addresses and associating credit card numbers, all for filling out a standard job application that I may or may not have filled out accurately. Unbelievable.

  6. Re:Hats off to Marriott by humphrm · · Score: 4, Informative
    Umm, I hate to say it, but a tape missing since last November constitutes a cover-up. Marriott only came out and admitted to the loss because their internal investigation turned up nothing.

    ABN Amro lost a tape with my data on it. The news was out that week. DHL found it, and even though the news agencies didn't cover it much, I got a follow-up letter from ABN Amro AND they extended the free credit tracking service from 3 months to 1 year.

    Marriott on the other hand waited over a month before they even notified the Secret Service, for crying out loud.

    No kudos to Marriott for this one. They're lucky that their month-long cover-up isn't criminal (yet).

    --
    -- "In order to have power, I must be taken seriously." -Mojo Jojo
  7. Re:why do they have SSNs for customers? by llefler · · Score: 4, Informative

    They need to keep your SSN for tax purposes. Depending on your agreement, the loan to 'buy' your timeshare is considered a mortgage. So they need to report interest to the IRS. Not to mention, a credit agency is going to use your SSN to avoid simple name collisions.

    As far as keeping your credit card number, they could be requiring it to cover maintenance fees or it's possible customers are automatically having their loan payments charged to their credit card. I do that with a couple of my monthly expenses so I don't have to write a check. (having both electronic withdrawals and automatic billing to credit cards, I prefer the latter)

    While I suppose you can get around these by buying the timeshare outright, and prepaying maintenance fees, most customers do not want to do that.

    --
    It is amazing what you can accomplish if you do not care who gets the credit. -- Harry Truman