IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New "If it ain't broke, don't fix it??"
Yeah.

:-/

I've gotten blase' about things like this, even if I were a customer. My CC number changes about every 6-9 months now, so someone having the number from 2014 means it's several generations old.

Still, it's senseless for them not to have known about this long ago. I would think that about the first thing done in an acquisition these days would be to scrub the IT system to make sure that it's clean...

Cheers,
Scott.
New Who and why someone makes a data request needs to be logged and analyzed at more idle times.
Also the data needs to be broken up by categories of use and made available only on a "need to know" basis, i.e. with proper authorization. Popping up screens with everything known about a client is just bad practice. Yes, it makes things inefficient.

Of course I have no idea how Marriott did things.
Alex

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."

-- Isaac Asimov
New Time to turn the burden around?
As these operators are seemingly unable to keep their noses clean and the only thing they care about is money, I think the time has come to set up a nationwide insurance pool. Any operator who insists on hanging on to information which can be used for ID or other theft gets to tithe in based on the number of accounts and the type of information they keep. And then those who do get taken to the cleaners because of one of these breaches* can call on it to repair the damage.

Any operator who gets caught out storing sensitive information without paying in gets to foot the bill themselves.

* Primary breaches only. Password recyclers are SOL if the loss is due to a derived breach.
New Re: Time to turn the burden around?

Any operator who gets caught out storing sensitive information without paying in gets to foot the bill themselves.




That's the status quo today. It hasn't prevented any company from storing our information safely for the past 25 years.




Satan (impatiently) to Newcomer: The trouble with you Chicago people is, that you think you are the best people down here; whereas you are merely the most numerous.
- - - Mark Twain, "Pudd'nhead Wilson's New Calendar" 1897
New That's because we're not actually billing them
Whenever there is a fine for fraud or negligence, the fine should be after they've forfeited the entire profit made from the activity. A billion-dollar fine sounds like a lot, until you consider the 14 billion they made because of the fraud.
--

Drew
New Not quite
With "pay for the damage", I mean restitution of the damage others have suffered. To date, that still falls entirely on the victims.
     Krebs - The Marriott/Starwood breach and what to do going forward. - (Another Scott) - (8)
         A four year breach? - (a6l6e6x) - (6)
             "If it ain't broke, don't fix it??" - (Another Scott) - (5)
                 Who and why someone makes a data request needs to be logged and analyzed at more idle times. - (a6l6e6x)
                 Time to turn the burden around? - (scoenye) - (3)
                     Re: Time to turn the burden around? - (lincoln) - (2)
                         That's because we're not actually billing them - (drook)
                         Not quite - (scoenye)
         Looks like it's the Chinese again... - (a6l6e6x)

We do, after all, survive every moment... except the last.
68 ms