
"If it ain't broke, don't fix it??"
Yeah.

:-/

I've gotten blasé about things like this, even if I were a customer. My CC number changes about every 6-9 months now, so someone having the number from 2014 means it's several generations old.

Still, it's senseless for them not to have known about this long ago. I would think that about the first thing done in an acquisition these days would be to scrub the IT system to make sure that it's clean...

Cheers,
Scott.
Who and why someone makes a data request needs to be logged and analyzed at more idle times.
Also the data needs to be broken up by categories of use and made available only on a "need to know" basis, i.e. with proper authorization. Popping up screens with everything known about a client is just bad practice. Yes, it makes things inefficient.

Of course I have no idea how Marriott did things.
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'"

-- Isaac Asimov
Time to turn the burden around?
As these operators are seemingly unable to keep their noses clean and the only thing they care about is money, I think the time has come to set up a nationwide insurance pool. Any operator who insists on hanging on to information which can be used for ID or other theft gets to tithe in based on the number of accounts and the type of information they keep. And then those who do get taken to the cleaners because of one of these breaches* can call on it to repair the damage.

Any operator who gets caught out storing sensitive information without paying in gets to foot the bill themselves.

* Primary breaches only. Password recyclers are SOL if the loss is due to a derived breach.
Re: Time to turn the burden around?

Any operator who gets caught out storing sensitive information without paying in gets to foot the bill themselves.

That's the status quo today. It hasn't prevented any company from storing our information safely for the past 25 years.

Satan (impatiently) to Newcomer: The trouble with you Chicago people is, that you think you are the best people down here; whereas you are merely the most numerous.
- - - Mark Twain, "Pudd'nhead Wilson's New Calendar" 1897
That's because we're not actually billing them
Whenever there is a fine for fraud or negligence, the fine should be after they've forfeited the entire profit made from the activity. A billion-dollar fine sounds like a lot, until you consider the 14 billion they made because of the fraud.
--

Drew
Not quite
With "pay for the damage", I mean restitution of the damage others have suffered. To date, that still falls entirely on the victims.
     Krebs - The Marriott/Starwood breach and what to do going forward. - (Another Scott) - (8)
         A four year breach? - (a6l6e6x) - (6)
             "If it ain't broke, don't fix it??" - (Another Scott) - (5)
                 Who and why someone makes a data request needs to be logged and analyzed at more idle times. - (a6l6e6x)
                 Time to turn the burden around? - (scoenye) - (3)
                     Re: Time to turn the burden around? - (lincoln) - (2)
                         That's because we're not actually billing them - (drook)
                         Not quite - (scoenye)
         Looks like it's the Chinese again... - (a6l6e6x)
