Slashdot Mirror
Marriott Discloses Missing Data Files
An anonymous reader writes "Marriott International has admitted that it is missing backup computer tapes containing credit card account information and the Social Security numbers of about 206,000 time-share owners and customers, as well as employees of the company." From the Washington Post story: "Officials at Marriott Vacation Club International said it is not clear whether the tapes, missing since mid-November, were stolen from the company's Orlando headquarters or whether they were simply lost. An internal investigation produced no clear answer. The company notified the Secret Service over the past two weeks, and has also told credit card companies and other financial institutions about the loss of the tapes."
Can anyone tell me why Marriot has the SSNs of Customers?
Time-share owners, maybe, employees definately, but customers? Why?
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
We can only hope these tapes have been misplaced or actually lost rather than stolen for the information they contain.
;)
All backups should be done on VERY obscure hardware to reduce the danger of things like this
If the crooks can't read the tapes theres no problem (same goes for strong encryption)
liqbase
I stayed in a Holiday Inn Express last night.
With $105 billion in this type of crime in 2005, I'm glad the Department of Homeland Security has had their budget cut to $16 million. That should stop those crooks!
The theory of relativity doesn't work right in Arkansas.
8th post! On a more serious note, even if this data was lost through no fault of Marriott's (stolen, say), I think this points out the need to legislate a consumer notification requirement. If there is a reasonable chance that my name and info are on one of those tapes, I think Marriot has the obligation to let me know. They will never do so without being compelled.
Regards, John Hancock.
Mid November? I think some people would have wanted to know sooner. Why are we just now finding out about this?
Comment removed based on user account deletion
Now wifey will never know.
Back in ancient days (pre-500 AD for example), it was not a rare thing for vaguely look-alike, or not even look-alike people, to claim to be someone famous/important in a village or town where nobody could invalidate the claim (or those who would validate it were being duped or willing participants).
This is a quite old crime. The difference is that now identity theft of everyday people can be lucrative, and you don't even need to look like them or deal with tricking others. And you don't have to worry about being lynched or stoned, just going to jail.
Hunt your preferred prey at Aliens vs Predator MUD. Join the war at avpmud.com port 4000
The reason you're now hearing about is because states (California and others) have begun passing laws requiring companies to disclose these types of events.
Let me ask a simple question: Why don't they encrypt this stuff?
Many companies out there wouldn't even know if their tapes had been misplaced or lost. At 3 companies I've worked for, we've had tapes lying around in managers' offices and server rooms, many that contain information that could be used for identity theft.
Marriott has handled this correctly and deserves some credit for doing so. At least they're not trying to cover it up like some companies would.
You have enemies? Good. That means you've stood up for something, sometime in your life. --Winston Churchill
I'm glad to read Marriot is offering credit fraud monitoring to the affected people like how Ford offered to its employees when they recently lost 70,000 employee/retiree SSNs. Unless it is lifetime monitoring I fail to see the long term value.
Wait a second, why don't the credit bureaus offer free lifetime credit fraud monitoring to everyone in the first place?
Speak truth to power.
ELOI, ELOI, LAMA SABACHTHANI!?
This is exactly the reason why we never make backups. What does not exist, cannot be stolen :)
Forgive me for being uninformed, but why would the Secret Service be the agency responsible for investigating this type of incident?
Unless Valerie Plame had a timeshare.....
-- If you try to fail and succeed, which have you done? - Uli's moose
I read about this in the post almost a week ago. Its finally posted to slashdot on a Sunday, and a "holiday" Sunday at that.
Discuss.
</Linda Richman>
AC for obvious reasons...
;-)). Anyway, the first day, FIRST DAY! I was working there I had access to all the back-up tapes for the past month with every guests name, address, phone number, what government agency/corporation they work for, and CC#'s/expiration dates. The tapes are all sitting in a filing cabinet in the front office.
I work the front desk at a competing 4-star hotel chain. I work the night shift ($10/hr to sit there babysitting the desk and reading/fiddling on my laptop, great job for students
So many people touch the tapes, front desk staff/accounting/reservations/IT, that if one went missing it would be impossible to track back to an individual. What's more, if I just picked up my own tape and made a dupe at night in 35 minutes while I'm there alone nobody would ever know.
This is a 400 room hotel in a major U.S. city, access to literally tens of thousands of names, addresses and associating credit card numbers, all for filling out a standard job application that I may or may not have filled out accurately. Unbelievable.
that if these large corporations can't be trusted to play with their computers safely, maybe they should have them taken away. At the very least, I think some adult supervision should be required by law. And if that doesn't work, send them back to using typewriters and filing cabinets.
The higher the technology, the sharper that two-edged sword.
A report (with pretty graphs) from a recent financial engineering class. Data was from Feb to Sep 2005...
The 83 recorded loss events were categorized by loss event type and by industry sector. The data is relevant over 232 days. This yields a probability of a loss event occurring in any sector on any given day 35.7%. If only events affecting financial services institutions are counted, the probability is 7.5%.
http://privacydata.michaelaiello.com/paper.pdf
Bring forth the math corrections
and maybe I'm just ignorant, but WHY DON'T THEY ENCRYPT ALL THAT INFORMATION WHEN IT LEAVES THE MAIN DATA WAREHOUSE? It seems to me that by encrypting its contents, you put some security around it should it be lost/stolen/etc. Can anyone explain why this isn't done?
We're all hypocrites. We all have hidden parts, it's the contrast between them that make us more a hypocrite than others
Data retained falls into the wrong hands. Lets all sit around silently twiddling our thumbs until that data stops being your financial and residency data and starts being your movement data
Hooray for data retention
Rich Gentlemen Hide - The Existential Comic
1. The tape monkey didn't make the backups in the first place and tried to cover his ass by reporting them stolen. 2. The tape monkey re-used the tapes for another backup session. 3. The janitor stole the tapes thinking that it may be a porn movie. 4. The CFO took the tapes to hide a case of insider trading. 5. The CEO took the tapes thinking that they are from the security cameras and he didn't want a trist exposed. 6. ???
Oh well, what the hell...
AFAIK timeshares have pretty bad reputation because of the shady methods of selling them. So, many people who had their identity stolen may have already been (perfectly legally) swindled.
It is amazing the number of companies I have done consultation for where the person that is responsible for the tapes has no idea how much information is on them. I have heard of people leaving them in their car unlocked over the weekend, or while they shop. Not to mention the fact that extreme heat, and cold can destroy the things...anyone could come along and steal them.
Some years back when at University, we did a case study on an IT project that Marriott did in partnership with Rental car agencies - a booking system tie in.
It was terribly over budget, and delayed a long time.
A significant factor was the project manager lieing about timeline milestones and being within budget.
Later, once it was too late, a report slammed marriot for not reviewing the project reports, which stated time and time again that "all is well". Marriott had next to no QC or risk analysis. They allowed it to be a free wheeling disaster.
No particular point to this, but reading "Marriott" bought back memories.
In post Patriot Act America, the library books scan you.
This shouldn't be happening. Recently, all of my parents' information was "lost" as well. Not by Marriott, but by my the mortgage company. Apparently, it was with the courier and then *gone*. Yeah. The best they could do was offer some tips to avoid _future_ identity theft.
Fun Zoid RPG
Identity theft is a growth industry. The demands by government for ever increasing rights to track its citizens coupled to the fetish corporations have for tracking their customers are just now providing the means for massive, efficient criminal use of stolen identities.
There are now criminal organizations that are eagerly recruiting IT people and when the mix is right my guess is we'll see some staggering criminal activity.
"Academicians are more likely to share each other's toothbrush than each other's nomenclature."
Cohen
This was in the papers LAST WEEK. To add to this, by law they have to notify every person that potentially has their identity stolen. Marriott has yet to do this.
Someone mentioned obscurity through hardware regarding backups.
I'm about 95% sure that this group of Marriott is running the D3 database (formerly known as The Pick System, O/S, etc.) It's been a few years since I have spoken with them, but they used to be my client.
D3 in and of itself would provide some level of obscurity, as the "Pick" data format is unique, with embedded metacharacters to delimit it's "Multi-value" item (record) structure, plus, a unique storage method for tape archives.
The possible bad news is that Pick data structures are all ASCII, including it's tape backups, unless Marriott had saved these as "binary backups", which would then only be useful for restoration on the exact same machine configuration from which it was saved. So it's likely these are in what is known as "file-save" tapes.
And there is no intrinsic encryption available in D3, so that is off the table.
So, someone with malicious intent who got their hands on these would have to either know D3 or be able to read blocks off the tapes and try to noodle out how to extract the data to make any use of it.
Or, they could just cheap version of D3 and restore the tapes, then have a data orgy with D3's terrific inherent natural language reporting.
My company's credit union clients are being encouraged by both us and the NCUA to encrypt their tape backups. Our software runs on OpenVMS and we are reselling HP's Encryption software and training the CUs to use it. Their data can thus be reasonably well secured when exposed enroute to their offsite storage or to us for their disaster recovery testing. Unfortunately, some of our clients use third parties as their DR and some of them, despite their huge size and supposedly sophisticated facilities, can't seem to support this encryption product although it is now included with OpenVMS 8.2.
Gamingmuseum.com: Give your 3D accelerator a rest.
They don't do free monitoring, but if you're willing to do the legwork of monitoring yourself, you can monitor your credit file yourself, free of charge. clicky
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
In one of my first jobs as a programmer my first assignment was to go to a local ISP and help them restructure their customer database. So on my first day I ask the lead programmer to give me the DB structure. End of the day comes and he hands me a disk. I get back to the office and find that it contains the ENTIRE DATABSE: ~100,000 names, addresses, CC numbers, and SSN's. (After that we did an extensive security audit of their software...)
All backup software should encrypt the backups. Unfortunately, backup software is still very primitive.
Backup software should also automatically do a compare and determine if the backup is actually usable. In about 5% of our tests, Acronis TrueImage software, for example, has made a backup that it won't read.
It's simple enough to solve Marriot's problem. Pass a law that anyone storing more than 100 credit card numbers must use encryption. Provide cross-platform open source backup software that meets the requirements of the law. The law should provide guidance concerning the keeping of the passwords.
And, no, you can't copyright your name either.
And before you start ranting, no, I'm not a lawyer, I'm actually an electrician. (My sister is a lawyer, though, and was recently involved in a case where the plaintiff attempted to copyright his name & address, and then sue her employers for copyright infringement.)
Have you been touched by his noodly appendage?
With the frequency of big companies losing personal data, if they were required to report it to us, we'd get so many useless form letters that it would all mean nothing. In practice, the great majority of identity theft involves small-scale cons, not backup tapes. Identity thieves do not have the motivation to systematically rip off large numbers of people. (Those with such skills inevitably find a way to manage a big company, or run for elected office.)
The great majority of identity thieves are skimming credit card account numbers at the restaurant point of sale, dumpster diving, or phishing for grandma's personal information.
It's realistic to expect that there is sensitive data out there - the answer is not to say "don't store my SSN", although that should certainly be restricted.
It seems to me that the answer is ENCRYPTION! Encrypt the data and you can back it up on fucking postcards and send it to my grandmother for all I care..
Additional comments to my parent post:
Companies storing sensitive data could be expected to use software that provided error correction codes (like those generated by ICE ECC).
Laws about this would enable companies to spend the money without worrying that they were making themselves uncompetitive because of expenses. They would know their competitors must do it also.
Top managers are generally not wise about technology; they need someone to guide them toward doing the right thing.
When backing up, generate a random "tape" key. Encrypt this "tape key" using a block cipher and your official key. Store the encrypted tape key several times at several locations on the tape. The locations of the key must be known without needing to read the tape to find them.
With that set up, encrypt the main contents of the tape with a stream cipher (say, RC4) with the tape key.
This way, damage to a certain area of the tape will not result in a complete loss of data. Using a random key for each tape eliminates the big cryptographic no-no of using a stream cipher key twice.
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Well, the SSN is not actually confidential information. Most of the shop workers, hospital workers, school workers etc can access tens or even hundreds social Security Numbers.
Marriott sent our one of four letters, depending on your status...lost data, safe data, etc. ALL had offers of Free Credit monitoring, etc.
All in all, Marriott did a good job handling this, and taking care of their timeshare owners.
I got the letter telling me my data was safe...
I'm not a troll, but I play one on Slashdot.
You guys really have to stop your bitching and contribute to fix what you see as wrong
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Marriott soon-to-be-ex SA: "Um, didn't they already come this week?"
.. This is just another of many many cases of digital leakage of data on human beings. Data that may be used to thenm harm the party the information is about,
What do you suppose the solution direction is going to be, considerning that even having some sort of unique ID won't stop worngful use of such information?
These arguments miss the real point.
You have permitted a government to define, control and essentially own your identity.
There is no commercial or honest need for this.
Most of us using Slashdot have multiple identities (user names) for the different boards we log into on the net. For each one we have established a reputation for good or ill that serves as our good-will or "credit" on that board.
If the government wishes to issue a Tax ID, OK. But only I and they need to know it.
If a credit company wishes to issue a credit ID to track my credit history, maybe OK, but they do not need to know my SSN, or even if I have one.
I'll go farther: no one needs to know my real name, or even if I have one.
Only those with a purient lust to know about others "need" to know everything. Rememeber that such lusts are insatiable, and that tolerating them feeds them. You ain't seen nothin' yet.
There is not nearly enough love in the world, but there is far too much trust.
Hi Melissa,
Sorry to digress from the topic. I've read your 'VS8 has so many problems' post, it's VERY useful.
BTW, VC has has built-in variable-sized stack allocation: void *_malloca(size_t size); Allocates memory on the stack. This is a version of _alloca with security enhancements as described in Security Enhancements in the CRT. I used _alloca() a lot sincelong time ago. I hope it'll be useful to you too.
You also wrote:
- VC8 does not have __asm in x64. This is a terrible mistake. It would have been very easy for Microsoft to have implemented this feature (it's not very different from x86)! This is the most severe problem my company has with Visual Studio 8. We have resorted to using a GCC cross-compiler to compile our x64 C programs with embedded x64 assembly language.
I agree. Could you share with me some build or Makefile samples on how use GCC this way? I am trying to do the same (compile our x64 C programs with embedded x64 assembly language on x64). My email: abereznyi@hotmail.com
Thanks, Alex