Slashdot Mirror

← Back to Stories (view on slashdot.org)

Marriott Says Hackers Stole More Than 5 Million Passport Numbers (cnet.com)

Posted by msmash on from the security-woes dept.

Marriott has downsized its original estimate on a major data breach, but the number of people affected is still historic. The hotel group announced Friday that it now believes hackers accessed the records of up to 383 million guests, following an investigation it conducted with a forensics and analytics team. In November, it had reported an estimate of as many as 500 million guests. From a report: Even at that lower figure, the Marriott incident remains one of the largest personal data breaches in history, more than double that of Equifax, which exposed the personal data of 147.7 million American. Data breaches have become a common issue for massive companies that collect and store information on millions of people. In 2018, tech giants like Facebook and Reddit have fallen victim to data breaches. Hackers look for poor protection that they can bypass to steal valuable details like Social Security numbers, birth dates, email addresses and credit card numbers.

3 of 71 comments (clear)

  1. Sue them senseless by nospam007 · · Score: 3, Insightful

    They deserve it.

    1. Re:Sue them senseless by froggyjojodaddy · · Score: 4, Insightful

      I *think* it's because some countries/jurisdictions require the hotel to capture certain details, including the passport number. So they're obligated to get it, but clearly they didn't think ahead and actually store that data appropriately

      Actually, what's more likely is:

      Boss We need to capture Passport info to be in compliance with blah, blah
      DB admin/Developer No problem, we need a secure database back end with limited access, auditing capability, and secure.....
      Boss No, what? No! We don't have money or time for that. Just make it happen
      DB admin/Developer But this goes against every principle of data management and storage. What if I just...
      Boss Listen, you're making this overly complicated OK? We're not going to get hacked, just put in an exclamation mark in the regular password I use, Ok?

      A few months later, they get hacked. Developer bears the brunt of the fallout. Boss goes on a nice vacation courtesy of the huge bonus he received a few months prior for "implementing a method to remain compliant with blah, blah law"

    2. Re:Sue them senseless by religionofpeas · · Score: 4, Insightful

      The problem is not giving out your passport number. The problem is that some people/businesses consider a passport number to be an authentication device.