Connect with us

Technology

Marriott Concedes 5 Million Passport Numbers Lost to Hackers Were Not Encrypted

Published

on

[ad_1]

The Marriott investigation has revealed a new vulnerability in hotel systems: What happens to passport data when a customer makes a reservation or checks into a hotel, usually abroad, and hands over a passport to the desk clerk. Marriott said for the first time that 5.25 million passport numbers were kept in the Starwood system in plain, unencrypted data files — meaning they were easily read by anyone inside the reservation system. An additional 20.3 million passport numbers were kept in encrypted files, which would require a master encryption key to read. It is unclear how many of those involved American passports, and how many come from other countries.

“There is no evidence that the unauthorized third party accessed the master encryption key needed to decrypt the encrypted passport numbers,” Marriott said in a statement.

It was not immediately clear why some numbers were encrypted and others were not — other than that hotels in each country, and sometimes each property, had different protocols for handling the passport information. Intelligence experts note that American intelligence agencies often seek the passport numbers of foreigners they are tracking outside the United States — which may explain why the United States government has not insisted on stronger encryption of passport data worldwide.

Asked how Marriott was handling the information now that it has merged Starwood’s data into the Marriott reservations system — a merger that was just completed at the end of 2018 — Connie Kim, a company spokeswoman, said: “We are looking into our ability to move to universal encryption of passport numbers and will be working with our systems vendors to better understand their capabilities, as well as reviewing applicable national and local regulations.”

The State Department issued a statement last month telling passport holders not to panic, because the number alone would not enable someone to create a fake passport. Marriott has said it would pay for a new passport for anyone whose passport information, hacked from their systems, was found to be involved in a fraud. But that was something of a corporate sleight of hand, since it provided no coverage for guests who wanted a new passport simply because their data had been taken by foreign spies.

So far the company has ducked addressing that issue by saying it has no evidence about who the attackers were, and the United States has not formally accused China in the case. But private cyberintelligence groups that have looked at the breach have seen strong parallels with the other, Chinese-related attacks underway at the time. The company’s president and chief executive, Arne Sorenson, has not answered questions about the hacking in public, and Marriott said he was traveling and declined a request from The Times to talk about hacking.

The company also said that about 8.6 million credit and debit cards were “involved” in the incident, but those are all encrypted — and all but 354,000 cards had expired by September 2018, when the hacking, which went on for years, was discovered.

So far, there are no known cases in which stolen passport or credit card information was found in fraudulent transactions. But to cyberattack investigators, that is just another sign that the hacking was conducted by intelligence agencies, not criminals. The agencies would want to use the data for their own purposes — building databases and tracking government or industrial surveillance targets — rather than exploiting the data for economic profit.

[ad_2]

Source link

قالب وردپرس

Technology

More groups join in support of women in STEM program at Carleton

Published

on

By

OTTAWA — Major companies and government partners are lending their support to Carleton University’s newly established Women in Engineering and Information Technology Program.

The list of supporters includes Mississauga-based construction company EllisDon.

The latest to announce their support for the program also include BlackBerry QNX, CIRA (Canadian Internet Registration Authority), Ericsson, Nokia, Solace, Trend Micro, the Canadian Nuclear Safety Commission, CGI, Gastops, Leonardo DRS, Lockheed Martin Canada, Amdocs and Ross.

The program is officially set to launch this September.

It is being led by Carleton’s Faculty of Engineering and Design with the goal of establishing meaningful partnerships in support of women in STEM.  

The program will host events for women students to build relationships with industry and government partners, create mentorship opportunities, as well as establish a special fund to support allies at Carleton in meeting equity, diversity and inclusion goals.

Continue Reading

Technology

VR tech to revolutionize commercial driver training

Published

on

By

Serious Labs seems to have found a way from tragedy to triumph? The Edmonton-based firm designs and manufactures virtual reality simulators to standardize training programs for operators of heavy equipment such as aerial lifts, cranes, forklifts, and commercial trucks. These simulators enable operators to acquire and practice operational skills for the job safety and efficiency in a risk-free virtual environment so they can work more safely and efficiently.

The 2018 Humboldt bus catastrophe sent shock waves across the industry. The tragedy highlighted the need for standardized commercial driver training and testing. It also contributed to the acceleration of the federal government implementing a Mandatory Entry-Level Training (MELT) program for Class 1 & 2 drivers currently being adopted across Canada. MELT is a much more rigorous standard that promotes safety and in-depth practice for new drivers.

Enter Serious Labs. By proposing to harness the power of virtual reality (VR), Serious Labs has earned considerable funding to develop a VR commercial truck driving simulator.

The Government of Alberta has awarded $1 million, and Emissions Reduction Alberta (ERA) is contributing an additional $2 million for the simulator development. Commercial deployment is estimated to begin in 2024, with the simulator to be made available across Canada and the United States, and with the Alberta Motor Transport Association (AMTA) helping to provide simulator tests to certify that driver trainees have attained the appropriate standard. West Tech Report recently took the opportunity to chat with Serious Labs CEO, Jim Colvin, about the environmental and labour benefits of VR Driver Training, as well as the unique way that Colvin went from angel investor to CEO of the company.

Continue Reading

Technology

Next-Gen Tech Company Pops on New Cover Detection Test

Published

on

By

While the world comes out of the initial stages of the pandemic, COVID-19 will be continue to be a threat for some time to come. Companies, such as Zen Graphene, are working on ways to detect the virus and its variants and are on the forefronts of technology.

Nanotechnology firm ZEN Graphene Solutions Ltd. (TSX-Venture:ZEN) (OTCPK:ZENYF), is working to develop technology to help detect the COVID-19 virus and its variants. The firm signed an exclusive agreement with McMaster University to be the global commercializing partner for a newly developed aptamer-based, SARS-CoV-2 rapid detection technology.

This patent-pending technology uses clinical samples from patients and was funded by the Canadian Institutes of Health Research. The test is considered extremely accurate, scalable, saliva-based, affordable, and provides results in under 10 minutes.

Shares were trading up over 5% to $3.07 in early afternoon trade.

Continue Reading

Chat

Trending