Krebs - The Marriott/Starwood breach and what to do going forward.
https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/ A good read. Cheers, Scott. |
|
A four year breach?
That's incredible.
Alex
"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'" -- Isaac Asimov |
|
"If it ain't broke, don't fix it??"
Yeah. :-/ I've gotten blasé about things like this, even if I were a customer. My CC number changes about every 6-9 months now, so someone having the number from 2014 means it's several generations old. Still, it's senseless for them not to have known about this long ago. I would think that about the first thing done in an acquisition these days would be to scrub the IT system to make sure that it's clean... Cheers, Scott. |
|
Who and why someone makes a data request needs to be logged and analyzed at more idle times.
Also the data needs to be broken up by categories of use and made available only on a "need to know" basis, i.e. with proper authorization. Popping up screens with everything known about a client is just bad practice. Yes, it makes things inefficient. Of course I have no idea how Marriott did things.
Alex |
|
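The two controls suggested in the post above (categories of use released only on a need-to-know basis, and every data request logged with who and why so it can be reviewed later) as an added example that is not from the thread or any Marriott system; the record, roles and category names are constructed for illustration:

```python
# Added example (constructed data and roles): need-to-know access to one guest
# record, with every request logged for later offline review.
from collections import Counter
from datetime import datetime, timezone

# Constructed sample record, fields grouped into categories of use.
GUEST_RECORD = {
    "reservation": {"name": "J. Doe", "checkin": "2018-11-30", "room": "412"},
    "contact":     {"email": "jdoe@example.com", "phone": "+1-555-0100"},
    "identity":    {"passport": "X1234567"},
    "payment":     {"card_last4": "4242", "card_token": "tok_constructed"},
}

# Assumed roles: each may read only the categories its job needs.
ROLE_CATEGORIES = {
    "front_desk": {"reservation"},
    "billing":    {"reservation", "payment"},
    "compliance": {"reservation", "identity"},
}

ACCESS_LOG = []  # one entry per request: who, role, category, why, granted, when

def request_fields(user, role, category, purpose):
    """Return one category of the record, or raise PermissionError.
    Every attempt, granted or denied, is appended to ACCESS_LOG."""
    allowed = category in ROLE_CATEGORIES.get(role, set())
    ACCESS_LOG.append({
        "user": user, "role": role, "category": category,
        "purpose": purpose, "granted": allowed,
        "at": datetime.now(timezone.utc).isoformat(),
    })
    if not allowed:
        raise PermissionError(f"{role} may not read {category}")
    return dict(GUEST_RECORD[category])  # copy, never the live record

def review_log(log, max_denied=2):
    """Offline review of the log: flag users with more than max_denied
    refusals, or who were granted every category of the record."""
    denied = Counter(e["user"] for e in log if not e["granted"])
    touched = {}
    for e in log:
        if e["granted"]:
            touched.setdefault(e["user"], set()).add(e["category"])
    flagged = {u for u, n in denied.items() if n > max_denied}
    flagged |= {u for u, c in touched.items() if c == set(GUEST_RECORD)}
    return sorted(flagged)
```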
Time to turn the burden around?
As these operators are seemingly unable to keep their noses clean and the only thing they care about is money, I think the time has come to set up a nationwide insurance pool. Any operator who insists on hanging on to information which can be used for ID or other theft gets to tithe in based on the number of accounts and the type of information they keep. And then those who do get taken to the cleaners because of one of these breaches* can call on it to repair the damage. Any operator who gets caught out storing sensitive information without paying in gets to foot the bill themselves. * Primary breaches only. Password recyclers are SOL if the loss is due to a derived breach. |
|
Re: Time to turn the burden around?
That's the status quo today. It hasn't prevented any company from storing our information safely for the past 25 years.
Satan (impatiently) to Newcomer: The trouble with you Chicago people is, that you think you are the best people down here; whereas you are merely the most numerous. - Mark Twain, "Pudd'nhead Wilson's New Calendar" 1897 |
|
That's because we're not actually billing them
Whenever there is a fine for fraud or negligence, the fine should be after they've forfeited the entire profit made from the activity. A billion-dollar fine sounds like a lot, until you consider the 14 billion they made because of the fraud. -- Drew |
|
Not quite
With "pay for the damage", I mean restitution of the damage others have suffered. To date, that still falls entirely on the victims. |
|
Looks like it's the Chinese again...
In part to watch their citizens. But potentially all kinds of nefarious stuff.
NY Times: Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing
"The cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation."
Alex |