Marriott Sheds New Light on Massive Breach

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

50%

John Lenn,
User Rank: Apprentice
1/9/2019 | 5:42:17 AM

5.25 million unencrypted passport numbers

Marriott also believes that about 5.25 million unencrypted passport numbers were included in those records. Approximately 20.3 million encrypted passport numbers were also compromised.

Additionally, approximately 8.6 million encrypted payment cards were involved in the breach, but there is no evidence that the hackers have the mechanism to decrypt those numbers. This was the news that has been disclosed by marriot on november

Reply | Post Message | Messages List | Start a Board

50%

REISEN1955,
User Rank: Ninja
1/7/2019 | 1:26:17 PM

Re: Even Dentists?

There is no REQUIREMENT for your number according to Clark Howard in Georgia. People just assume so and put the numbers in.

Reply | Post Message | Messages List | Start a Board

50%

RyanSepe,
User Rank: Ninja
1/7/2019 | 1:16:29 PM

Required Data

Only harbor data required to perform the business function. As the article denotes there is really no reason for a hotel to keep passport information. If you can minimize the amount of sensitve data stored at the company you won't have to rely on encryption as heavily to be your saving grace.

Reply | Post Message | Messages List | Start a Board

50%

RSR55,
User Rank: Apprentice
1/7/2019 | 9:52:50 AM

Re: Even Dentists?

Your medical insurance company will need your SSN and for those covered by your policy for compliance with current law, but medical and/or dental practices should NOT require it from you. Just politely say No.

Reply | Post Message | Messages List | Start a Board

50%

REISEN1955,
User Rank: Ninja
1/7/2019 | 8:34:12 AM

SSN for medical use

There is a specific purpose involved, not good, and it is for potential malpractice suits.

Reply | Post Message | Messages List | Start a Board

50%

Pm4zv,
User Rank: Apprentice
1/6/2019 | 8:36:49 PM

Even Dentists?

I can remember dental offices and such were using a "standardized" form for new patients, which asked for SSN. I just ignored it. But SSN for a dental office? Sheesh.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

AI Is Everywhere, but Don't Ignore the Basics

Howie Xu, Vice President of AI and Machine Learning at Zscaler, 9/10/2019

Third-Party Features Leave Websites More Vulnerable to Attack

Dark Reading Staff 9/10/2019

Fed Kaspersky Ban Made Permanent by New Rules

Dark Reading Staff 9/11/2019

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

Enterprise Connect Conference & Expo 2020 - Registration Now Open!

More Informa Tech Live Events

White Papers

Hackers & Artificial Intelligence: A Dynamic Duo

2019 State of the Internet/Security: Financial Services Attack Economy

[Case Study] Speeding Up Security Testing with Breach & Attack Simulation

Security 911: How to Be a Zero-Day Network First Responder

The Fundamental Guide to Building a Better SOC

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: This is not what I had expected when we discussed preparing for the upcoming SOC 2 Assessment.

Cartoon Archive

Current Issue

7 Threats & Disruptive Forces Changing the Face of Cybersecurity

This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of IT Operations and Cybersecurity Operations

Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.

Download Now!

How Enterprises Are Developing Secure Applications

0 comments

The State of Cyber Security Incident Response

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-4147
PUBLISHED: 2019-09-16

IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.

CVE-2019-5481
PUBLISHED: 2019-09-16

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

CVE-2019-5482
PUBLISHED: 2019-09-16

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

CVE-2019-15741
PUBLISHED: 2019-09-16

An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation

CVE-2019-16370
PUBLISHED: 2019-09-16

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.

Terms of Service
Privacy Statement
Legal Entities