Wednesday, March 24, 2010

Hotels highly hackable

The ID Security Solutions blog reports that Data Breaches are Heaviest at Hotels. According to the post, both Trustwave's Spiderlabs and Verizon Business found that in 2009 Hotels were the had more data breaches than any other industry. That's not very encouraging when you realize that there's not a lot we can do as consumers to protect our data once we've turned it over to the hotel.

To make it worse, the weakest link appears to be the point of sale software. The software is often administered by third parties who log in to systems remotely. If they don't change default passwords, use weak password, or leave passwords blank, then it's easy pickings for data thieves. But I'm not sure I believe that most of the breaches are caused by poor password practices. The Heartland breach that occurred from late 2008 to early 2009 took place after they had passed security audits. Whether the audits were for Sarbanes-Oxley or PCI-DSS compliance, having blank or default passwords would not have passed.

As we move to more and more plastic based economy our financial data becomes more dependent on the security of the businesses we deal with. That is something we have little control over. I'm not sure what the best answer is, but we need to find one.