21 votes

Marriott admits hackers stole data on 500 million guests; passports and credit card info included

10 comments

  1. [6]
    SourceContribute
    I don't understand how terrible cybersecurity hasn't translated into massive liability. Equifax is still up and running somehow and Marriott will still be alive?

    Pre-internet, if all the documentation of transactions including passport info, credit card info (and in the case of Equifax social security number), were photo-copied, there would be massive damage to the corporation that allowed it to happen. But because it's so quick and easy, we can't deal with this scale and we just say "oops"?

    10 votes
    1. demifiend
      I don't understand how terrible cybersecurity hasn't translated into massive liability.

      We keep electing public officials who can't tell a computer from a Cuisinart, have no idea how any of this shit actually works, and thus have no clue as to how dangerous data retention actually is.

      Nobody who matters seems to understand that the data troves they're sitting on are the equivalent of huge goddamned piles of nuclear waste material left out in the open for any random schmuck off the street to steal and weaponize.

      13 votes
    2. [3]
      MimicSquid
      Right? At this point it's down to "Oops! Here's a year of credit monitoring if you give up the right to sue us!" and then everyone moves on. It's really frustrating to see how much major corporations don't seem to be punished for their errors.

      7 votes
      1. [2]
        demifiend
        The only meaningful punishment is to dissolve them, and our public officials don't have the guts to shut down corporations for sloppy data handling. They'd rather reserve the death penalty for driving while black.

        9 votes
        1. Amarok
          Bring significant sanctions against corporations for malfeasance and they'll shape right up. I love GDPR for this, at 4% of net yearly revenue per infraction. That's potentially several billion per mistake.

          The only thing that corporations understand is their bottom line. If it's more expensive to fuck up by being reckless or careless than it is to do things properly, then they'll start doing things properly. We also need a way to fast-track these cases in the courts so they can't just drag out a lawsuit for twenty years. The revenue hit needs to be immediate and unavoidable.

          Some will go out of business from these penalties. That's fine - the businesses that don't fuck up will simply buy up the ones that do and life will go on.

          2 votes
    3. clerical_terrors
      It seems like a combination of both general incomprehension on the gravity of the issue (understanding physical dossiers vs the abstract notion of client files) from the public and politics, and a sense that this is now 'too big' to judge, and that dragging Marriott or Equifax to court would effectively ruin them as businesses and cost thousands of people their jobs (because apparently since 2008 the free market means recklessness and incompetence needs to be rewarded instead of punished).

      3 votes
  2. [2]
    nothis
    Credit Card Info Included

    This is actually rare, isn't it? Most user data leaks are "logins and encrypted passwords but no credit card information". Like, millions of people just had their credit card info leaked?

    2 votes
    1. Greg
      It is indeed rare, largely because most developers are smart enough not to store card details in the first place. Generally you'll send the card details straight to a payment processor without them ever touching the database - if a company stores anything, it'll be a unique token that can be charged in future just the same as the physical card, but can also be invalidated without affecting the account itself in the case of a catastrophic breach like this one.

      Perhaps at Marriott's scale there's some upside to having the full card details - I'm not sure at that extreme of volume - but given the details of the breach so far I'm not especially inclined to give them the benefit of the doubt.

      2 votes
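
The tokenization pattern described in the comment above, as an added Python example that is not part of the thread: the merchant database holds only a processor-issued token, and after a breach every token is invalidated and replaced while the accounts stay untouched. `Processor`, its methods, the account id and the card number are constructed for illustration and do not model any real processor's API.

```python
import secrets

class Processor:
    """Constructed stand-in for a payment processor's card vault (hypothetical API)."""

    def __init__(self):
        self._vault = {}  # token -> card details; lives only on the processor side

    def tokenize(self, pan, expiry):
        token = "tok_" + secrets.token_urlsafe(16)  # random, not derived from the PAN
        self._vault[token] = (pan, expiry)
        return token

    def charge(self, token, amount_cents):
        # Unknown or invalidated tokens cannot be charged.
        return token in self._vault and amount_cents > 0

    def reissue(self, old_token):
        # Invalidate the old token and mint a new one for the same card.
        card = self._vault.pop(old_token)
        return self.tokenize(*card)


def save_card(db, processor, account_id, pan, expiry):
    # The merchant row keeps the token and last four digits, never the full number.
    db[account_id] = {"token": processor.tokenize(pan, expiry), "last4": pan[-4:]}


def rotate_after_breach(db, processor):
    # Every token in the leaked database is invalidated; accounts stay as they are.
    stolen = {acct: row["token"] for acct, row in db.items()}
    for acct, old in stolen.items():
        db[acct]["token"] = processor.reissue(old)
    return stolen


def demo():
    processor, db = Processor(), {}
    save_card(db, processor, "guest-1001", "4111111111111111", "12/30")  # test PAN
    stolen = rotate_after_breach(db, processor)
    return {
        "pan_in_db": "4111111111111111" in repr(db),
        "stolen_token_works": processor.charge(stolen["guest-1001"], 5000),
        "account_still_chargeable": processor.charge(db["guest-1001"]["token"], 5000),
    }

if __name__ == "__main__":
    print(demo())
```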
  3. [2]
    Troll
    Until these corporations are properly held accountable we can expect the same old.

    1. edward
      Good luck getting either Republicans or Democrats to hold them accountable.