Slashdot Mirror

← Back to Stories (view on slashdot.org)

Marriott Discloses Missing Data Files

Posted by Zonk on from the i-seem-to-have-misplaced-this-small-item dept.

An anonymous reader writes "Marriott International has admitted that it is missing backup computer tapes containing credit card account information and the Social Security numbers of about 206,000 time-share owners and customers, as well as employees of the company." From the Washington Post story: "Officials at Marriott Vacation Club International said it is not clear whether the tapes, missing since mid-November, were stolen from the company's Orlando headquarters or whether they were simply lost. An internal investigation produced no clear answer. The company notified the Secret Service over the past two weeks, and has also told credit card companies and other financial institutions about the loss of the tapes."

15 of 162 comments (clear)

  1. why do they have SSNs for customers? by rritterson · · Score: 4, Interesting

    Can anyone tell me why Marriot has the SSNs of Customers?

    Time-share owners, maybe, employees definately, but customers? Why?

    --
    -Ryan
    AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
    1. Re:why do they have SSNs for customers? by User+956 · · Score: 4, Funny

      Time-share owners, maybe, employees definately, but customers? Why?

      Look, they're just making sure you don't steal any towels. Towel theft is a big deal.

      --
      The theory of relativity doesn't work right in Arkansas.
    2. Re:why do they have SSNs for customers? by QuantumG · · Score: 4, Informative

      Unless your business model including some sort of recurring billing there is absolutely no justification for storing every digit of a credit card number. The first and last digits are more than enough for data matching purposes.

      --
      How we know is more important than what we know.
    3. Re:why do they have SSNs for customers? by toddbu · · Score: 5, Insightful
      Can anyone tell me why Marriot has the SSNs of Customers?

      I think that you're asking the wrong question here. Shouldn't you be asking "why does it matter if they keep your SSN?" Our whole system of using SSNs to identify people is broken, and if Congress would get off their lazy duffs and fix the problem then maybe it wouldn't matter if someone had my SSN number or not. A simple change to credit reporting laws that would require a second level of verification of the identity of a consumer before granting credit, like what happens when you put a fraud alert on your credit report, would go a long way toward fixing this problem. But those who issue credit are afraid that if you got rid of easy credit then their market would collapse. I'll agree that some people would be inconvenienced by such a system (like those who move around a lot), but it sure would reduce fraud. At the very least, I should have the option of making a fraud alert permanent, and to have complete control over who can view my credit history. Then maybe it wouldn't make such a difference if someone got my personal information.

      --
      If you don't want crime to pay, let the government run it.
    4. Re:why do they have SSNs for customers? by llefler · · Score: 4, Informative

      They need to keep your SSN for tax purposes. Depending on your agreement, the loan to 'buy' your timeshare is considered a mortgage. So they need to report interest to the IRS. Not to mention, a credit agency is going to use your SSN to avoid simple name collisions.

      As far as keeping your credit card number, they could be requiring it to cover maintenance fees or it's possible customers are automatically having their loan payments charged to their credit card. I do that with a couple of my monthly expenses so I don't have to write a check. (having both electronic withdrawals and automatic billing to credit cards, I prefer the latter)

      While I suppose you can get around these by buying the timeshare outright, and prepaying maintenance fees, most customers do not want to do that.

      --
      It is amazing what you can accomplish if you do not care who gets the credit. -- Harry Truman
  2. And THAT is why... by Winlin · · Score: 5, Funny

    I stayed in a Holiday Inn Express last night.

  3. Oh thank you thank you thank you! by rleesBSD · · Score: 4, Funny

    Now wifey will never know.

  4. Re:Identify theft a fad? by MaineCoon · · Score: 4, Interesting

    Back in ancient days (pre-500 AD for example), it was not a rare thing for vaguely look-alike, or not even look-alike people, to claim to be someone famous/important in a village or town where nobody could invalidate the claim (or those who would validate it were being duped or willing participants).

    This is a quite old crime. The difference is that now identity theft of everyday people can be lucrative, and you don't even need to look like them or deal with tricking others. And you don't have to worry about being lynched or stoned, just going to jail.

    --
    Hunt your preferred prey at Aliens vs Predator MUD. Join the war at avpmud.com port 4000
  5. Re:Great. by dangitman · · Score: 4, Insightful
    With $105 billion in this type of crime in 2005, I'm glad the Department of Homeland Security has had their budget cut to $16 million. That should stop those crooks!

    Given the lack of competence of DHS, eliminating their funding can only be a good thing. They only seem to make things worse, and haven't really shown any evidence of being effective at doing anything other that waste money and erode civil liberties.

    --
    ... and then they built the supercollider.
  6. fraud monitoring by spoonyfork · · Score: 4, Insightful

    I'm glad to read Marriot is offering credit fraud monitoring to the affected people like how Ford offered to its employees when they recently lost 70,000 employee/retiree SSNs. Unless it is lifetime monitoring I fail to see the long term value.

    Wait a second, why don't the credit bureaus offer free lifetime credit fraud monitoring to everyone in the first place?

    --
    Speak truth to power.
  7. That's nothing... by Anonymous Coward · · Score: 5, Informative

    AC for obvious reasons...

    I work the front desk at a competing 4-star hotel chain. I work the night shift ($10/hr to sit there babysitting the desk and reading/fiddling on my laptop, great job for students ;-)). Anyway, the first day, FIRST DAY! I was working there I had access to all the back-up tapes for the past month with every guests name, address, phone number, what government agency/corporation they work for, and CC#'s/expiration dates. The tapes are all sitting in a filing cabinet in the front office.

    So many people touch the tapes, front desk staff/accounting/reservations/IT, that if one went missing it would be impossible to track back to an individual. What's more, if I just picked up my own tape and made a dupe at night in 35 minutes while I'm there alone nobody would ever know.

    This is a 400 room hotel in a major U.S. city, access to literally tens of thousands of names, addresses and associating credit card numbers, all for filling out a standard job application that I may or may not have filled out accurately. Unbelievable.

  8. I am REALLY starting to think by ScrewMaster · · Score: 4, Insightful

    that if these large corporations can't be trusted to play with their computers safely, maybe they should have them taken away. At the very least, I think some adult supervision should be required by law. And if that doesn't work, send them back to using typewriters and filing cabinets.

    --
    The higher the technology, the sharper that two-edged sword.
  9. Re:Hats off to Marriott by humphrm · · Score: 4, Informative
    Umm, I hate to say it, but a tape missing since last November constitutes a cover-up. Marriott only came out and admitted to the loss because their internal investigation turned up nothing.

    ABN Amro lost a tape with my data on it. The news was out that week. DHL found it, and even though the news agencies didn't cover it much, I got a follow-up letter from ABN Amro AND they extended the free credit tracking service from 3 months to 1 year.

    Marriott on the other hand waited over a month before they even notified the Secret Service, for crying out loud.

    No kudos to Marriott for this one. They're lucky that their month-long cover-up isn't criminal (yet).

    --
    -- "In order to have power, I must be taken seriously." -Mojo Jojo
  10. Some private data loss statistics by michaelaiello · · Score: 4, Insightful
    Lists of incidents

    A report (with pretty graphs) from a recent financial engineering class. Data was from Feb to Sep 2005...
    The 83 recorded loss events were categorized by loss event type and by industry sector. The data is relevant over 232 days. This yields a probability of a loss event occurring in any sector on any given day 35.7%. If only events affecting financial services institutions are counted, the probability is 7.5%.

    http://privacydata.michaelaiello.com/paper.pdf

    Bring forth the math corrections
  11. Re:Great. by Dhalka226 · · Score: 4, Informative

    I'm glad the Department of Homeland Security has had their budget cut to $16 million.

    That's misleading. Their RESEARCH budget for CYBERSECURITY is cut to $16 million, and that's only down 7% from last year, which means under $2 million in cuts.

    You can argue it should be higher if you wish, but don't make it sound like the entire DHS--or even cybercrime enforcement in general--is funded that sparsely.