Starwood Allegedly Had A Chance to Find Hackers in 2015

AlphaAtlas

AlphaAtlas

[H]ard|Gawd
Staff member
Joined
Mar 3, 2018
Messages
1,713
Marriott International suffered a big data breach involving the reservation database for Starwood Properties last week. The attackers allegedly had "unauthorized access" since 2014, and onlookers assumed there were no indications that Starwood's systems were compromised until this year. But, the Wall Street Journal points out that Starwood suffered from a smaller, unrelated data breach in 2015. According to their security consultants, an investigation into the 2015 hack should've provided ample opportunity to discover the other intruders, but the security audit apparently missed it. Back in 2015, Starwood said "We want to assure our customers that we have implemented additional security measures to help prevent this type of crime from reoccurring."

"With all the resources they have, they should have been able to isolate hackers back in 2015," said Andrei Barysevich, a researcher with the security company Recorded Future, in the Wall Street Journal report. A spokeswoman for Marriott said everyone involved would have preferred the incident was identified earlier. "When there is a concern that payment cards are at risk, forensic investigations start looking at devices that process payment cards and follow the evidence from there."
 
It's about time we have a "Right to be Removed" from databases. I stayed at a Marriott once 5 years ago, do they need to keep that information? If I register for a forum, ask one question, and then have no use for it again shouldn't I be able to have my account removed? All those one off places I made a single purchase and now they have my email, password, shipping information.
 
TwiceOver said:
It's about time we have a "Right to be Removed" from databases. I stayed at a Marriott once 5 years ago, do they need to keep that information? If I register for a forum, ask one question, and then have no use for it again shouldn't I be able to have my account removed? All those one off places I made a single purchase and now they have my email, password, shipping information.
Click to expand...

Completely agree. For example the passport info that was taken, that should be deleted 90 days after your stay as its irrelevant for long time storage. Name, date and receipt of payment with no financial markers is all they need to keep.
 
  • Like
Reactions: PaulP
like this
That_Sound_Guy said:
Completely agree. For example the passport info that was taken, that should be deleted 90 days after your stay as its irrelevant for long time storage. Name, date and receipt of payment with no financial markers is all they need to keep.
Click to expand...

But then how will they sell your data? ;)
 
TwiceOver said:
It's about time we have a "Right to be Removed" from databases. I stayed at a Marriott once 5 years ago, do they need to keep that information? If I register for a forum, ask one question, and then have no use for it again shouldn't I be able to have my account removed? All those one off places I made a single purchase and now they have my email, password, shipping information.
Click to expand...
Not just a right to be removed, a reasonable time for keeping data. Did my credit card charge go through? Fine, why do you need to keep that info anymore. You want to keep a record of my name, and ONLY my name, then fine. This is one of those things where while yeah you don't blame someone for criminals, but there should be some sort of gross negligence claim for keep data beyond a reasonable data. And if you violate it, then $1000 fine and that money goes to the people who you screwed over by keeping said data to allow them to put their life back together.

I had the same thing, got a letter in the mail apparently UC Berkeley had a laptop with all sorts of sensitive info from people applying for admissions stolen, and there's two things that really pissed me off first... they didn't accept me, yet felt the need to keep my data (luckily there was no social security numbers involved) and second... I applied like 12 years prior, like seriously WTF argument can they make for keeping anything on me other than maybe my name and some comments they wrote about why they didn't accept me?
 
I smell a class-action lawsuit against Starwood and whatever firm(s) performed the security audit after the 2015 breach.
 
PaulP said:
I smell a class-action lawsuit against Starwood and whatever firm(s) performed the security audit after the 2015 breach.
Click to expand...

Where Acting Director of Consumer Financial Protection Bureau Mick Mulvaney will prominently, and arrogantly scream at the top of his lungs, "SUCK MY ASS OUT WITH JELLY AND SYRUP, BITCHES!" before the case (not so) mysteriously disappears about as (again, not quite so) mysteriously as the funding and support of the very bureau he is supposed to be running.

Wonder how big of a kickback Mr. Mick is getting as a result of this.
 
Satyrist said:
Where Acting Director of Consumer Financial Protection Bureau Mick Mulvaney will prominently, and arrogantly scream at the top of his lungs, "SUCK MY ASS OUT WITH JELLY AND SYRUP, BITCHES!" before the case (not so) mysteriously disappears about as (again, not quite so) mysteriously as the funding and support of the very bureau he is supposed to be running.

Wonder how big of a kickback Mr. Mick is getting as a result of this.
Click to expand...

Why do kids like you always need some gubment mama to run to? No one is stopping you from going to your favorite slimebag lawyer to open a class action lawsuit? Government has nothing to do with it, but we both know this is your desperate attempt to try to smear the Trump administration based on nothing but your childish hurt feelings at losing an election.
 
Satyrist said:
Where Acting Director of Consumer Financial Protection Bureau Mick Mulvaney will prominently, and arrogantly scream at the top of his lungs, "SUCK MY ASS OUT WITH JELLY AND SYRUP, BITCHES!" before the case (not so) mysteriously disappears about as (again, not quite so) mysteriously as the funding and support of the very bureau he is supposed to be running.

Wonder how big of a kickback Mr. Mick is getting as a result of this.
Click to expand...
This has nothing to do with the CFPB or Mr. Mulvaney. The US court system is the proper place to address this particular grievance.
 
Hatriot said:
Why do kids like you always need some gubment mama to run to? No one is stopping you from going to your favorite slimebag lawyer to open a class action lawsuit? Government has nothing to do with it, but we both know this is your desperate attempt to try to smear the Trump administration based on nothing but your childish hurt feelings at losing an election.
Click to expand...

You're reaching a little bit - I was actually looking at tying it together with the Equifax breach, actually.

And we can see where that went. If it isn't getting tied up by an arbitration board, (where the company wins nearly every time) lawyers are the only ones getting rich in a class suit.

K, we can agree, perhaps it isn't with the government.

And perhaps every comment or point of view, isn't always a jab/smear at the current president.

Just like perhaps someone else stating their opinion ISN'T always a personal attack against your sensibilities either.

THERE! Now we can be friends again.
 
You must log in or register to reply here.
Back
Top