Marriott hack update: Hotel now admits hackers got passport numbers

xeni · January 4, 2019, 7:48pm

Originally published at: https://boingboing.net/2019/01/04/marriott-hack-got-passports.html

…

RHD · January 4, 2019, 8:13pm

Why in the world were they asking for passport numbers, and why would anyone in fact give them that? Unless I’m at an international border or booking an international flight I’m not giving that information to anyone!

anon75430791 · January 4, 2019, 8:26pm

I could see some countries requiring a passport number on file for foreign guests, due to local laws.

aidtopia · January 4, 2019, 9:01pm

I thought we’d already heard they got passport numbers on the original story. What’s the new part of the news here?

I too am astounded that a hotel chain would be collecting passport numbers. Even if it’s to comply with a local requirement, then they should collect those only in those jurisdictions and then destroy them as soon as they’re no longer needed. Why are these retained along with all this other data?

Data is a liability, not an asset.

Raoul · January 4, 2019, 9:13pm

Most other countries require a passport number when you check into a hotel and don’t have a local ID document

anon75430791 · January 4, 2019, 9:14pm

I just remembered, my brother and I one time stayed at a Marriott in Tokyo. Had to present both our passports when we checked in.

knoxblox · January 4, 2019, 9:36pm

All over eastern Europe, in hotels, hostels, or even renting an apartment, locals require foreigners to surrender your passport, or for apartments, bring a photocopy.

MikeR · January 4, 2019, 9:42pm

And why wasn’t the personal data of customers not encrypted whilst at rest?

I’ve put in a message to Marriott asking them to tell me what data of mine was affected. Under the U.K. DPA they have 30 days to tell me otherwise the Information Commissioner can decide if they want to start a DPA2018 action against them. And that potentially brings them under the remit of GDPR.

I suggest any other U.K. BoingBoingers who have had a message from Marriott about their accounts does the same.

FGD135 · January 5, 2019, 10:34am

Douglas_Moreen · January 5, 2019, 7:14pm

Shouldn’t corporations be fined $10 or even better $100 per personal information that is leaked to a hacker.
Which means they would pay a fine of 38 billion dollars.

xeni · January 9, 2019, 7:59pm

This topic was automatically closed after 5 days. New replies are no longer allowed.

Topic		Replies	Views
In 60 seconds, security researchers can clone the master hotel-room keys for 140,000 hotels in 160 countries boing	12	1059	April 30, 2018
Marriott hack blamed on China boing	5	749	December 11, 2018
Hackers steal Trump Hotel guests' credit card numbers and other info. Again boing	23	2013	July 17, 2017
Philippines electoral data breach much worse than initially reported, possibly worst ever boing	9	1706	April 15, 2016
Your passports are full of tech boing	8	1263	March 29, 2018

Marriott hack update: Hotel now admits hackers got passport numbers

Related Topics