An Appalling Complacency
It appears we can add ‘hotels’ to the list of industries where companies have utterly failed their customers in terms of protecting customers’ sensitive private information: the world’s largest hotel chain, Marriott International, announced just Friday that the data of 500 million customers, including contact and credit card information, was compromised.
While the hotel you stayed at on that road stop may not strike you as a place to fear turning over your Mastercard digits, apparently, as the economy increasingly shifts towards a digital marketplace, even industries that traditionally don’t have a place in the ‘webconomy’ have become integrated, and thus vulnerable, as many Marriott customers now know. NBC News reports,
“Following a company-wide database assessment, Marriott concluded on November 19 the breach occurred on Starwood’s network and that unauthorized activity has taken place on its servers since 2014, which included duplicating and encrypting data.
“The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property,” the Bethesda, Maryland-based company said in a statement.
Marriott said roughly 327 million guests had their names, phone numbers, email addresses, along with passport numbers, illegally obtained in the breach. “There are some customers who may have also had their credit card information taken. While that data would have been encrypted, Marriott said it can’t rule out the information may have been decoded.”
Yet Nothing Will Happen
Despite the breach being the second largest corporate breach in history, second only to the insane 3 *Billion* user breach that declining web juggernaut Yahoo suffered in 2017, nothing has happened, or likely will happen, to the company responsible for the lackluster security, despite potentially ruining 300 million lives.
While Marriott shares did plummet 5% in the day after the news leaked, the fact of the matter is that the corporation, as well as its peers across all industries, from premier organizations like Facebook to the ruffians of the digital economy like AdultFriendFinder, suffers little if any formal legal ramifications for failing to ensure the privacy of the legions of consumer information they turn around and demand access to in order to utilize their various services.
New Legislation Needed
While there’s certainly nothing forcing consumers to engage with businesses – and thus offer information – the reality is in order to adequately function in modern American society a lot of companies need access to a lot of our information and we absolutely need mechanisms in place to ensure that it’s done ethically and safely.
This isn’t merely the singular musings of a PunchingBagPost author either; as even monolithic organizations like credit rating agencies suffer breaches, high-profile leaders and politicians have begun to echo the concerns of countless consumers. CBS News explains,
The breach prompted some lawmakers and security experts to call for new laws to strengthen consumer protections and privacy standards.
“Rather than accepting this trend as the new normal, this latest incident should strengthen Congress’s resolve,” Sen. Mark Warner, D-Virginia, tweeted. “And it is past time we enact data security laws that ensure companies account for security costs rather than making their consumers shoulder the burden and harms resulting from these lapses.”
Some security experts said the breadth of the data involved presents problems for consumers, especially with the loss of sensitive data such as passport information.
“Its impact on the victims is much greater than the numbers reveal,” said John Gunn, chief marketing officer of cybersecurity company OneSpan. “It is remarkably easy to request a replacement credit card from your financial institution and you are not responsible for fraudulent activities – try that with your passport.”
While the infamously slothful federal bureaucracies have done little in terms of moving on securing American data (I guess years-long Russia investigations are of more importance…), at least some public-sector officials have started moving with this most recent, and extremely substantial, failure of corporate stewardship endangering US citizens. CBS continues,
The New York Attorney General’s office said in a tweet that it has opened an investigation into the breach. “New Yorkers deserve to know that their personal information will be protected,” the office said. Other state attorneys general also said they planned to investigate, including Maryland and Pennsylvania.
Call me prophetic, but I all but guarantee that the ‘investigation’ will go nowhere, in no particular hurry, eventually leaving Marriott free of responsibility for shattering the identity security of consumers. Why? Nothing has happened before.
When push comes to shove, companies won’t practice and engage in proper jurisprudence in regard to data security until legislation hits them with sanctions for failures in the one place companies hold sacred above all: their bottom line.
Until companies like Marriott and Yahoo are forced to actually suffer *consequences* for failures to safeguard information that are rapidly becoming far too common, they’ll continue to care little about it, and invest even less in its development.
And why should they? So long as we the consumers are the only ones who actually suffer for their failings…
Editor’s note: Knowledge is power, knowledge is leverage. If you can easily steal financial information, think how much information you can gather on an individual. Make no mistake, the lack of security on these kinds of databases is an assault on individual liberty.
What about the people who actually do the hacking? Why not figure out a way to track them down and throw them in solitary confinement for the remainder of their lives? The companies being hacked, as well as the millions whose data has been stolen, are the victims of the crime. Marriott bought the company who was hacked and was diligent enough to discover the intrusion.
If the perpetrators were to be caught and severely punished, that would be the beginning of a deterrent to the actual crime. If there are people smart enough to hack into sophisticated systems, then there are certainly people who are smart enough to track them down.