Yes, it was only related to Marriott's timeshare and vacation club owners. That's a separate business from the hotel chain with separate computer systems. By the way, Marriott Corporation owns less than 10% of the hotels that bear their logo -- the rest are all franchises, many of which are managed by (but not owned by) Marriott. There has been a lot of press about identity theft and lost personal information in recent years, mostly due to California's law that requires notification of any lost data that **could** lead to identity theft. The data elements required to assume someone's identity in the U.S. are full legal name, date of birth, and social security number. As hotel guests, the most that the hotel chain would have is a name, home address and credit card number -- not enough for identity theft, but of course, it is enough for credit card fraud. It's been common practice in the Information Technology industry to send backup tapes via 3rd parties (UPS, FedEx, etc.) to offsite storage facilities. Until recently, no one gave much thought to encrypting them -- we trusted the 3rd party not to lose them, and there actually has never been a confirmed case of identity theft or credit card fraud based on a lost backup tape. Keep in mind that backup tapes are in a compressed format -- on it is a stream of letters, numbers and other symbols, and you have to know the format to be sure of where one data item begins and another one ends. Most of the lost backup tapes turn up eventually, and for many reasons, these incidents are largely noise that isn't as bad as the press makes it sound. On the other hand, obfuscation isn't the same as security, so companies are taking steps to encrypt backup tapes to secure them from prying eyes. Here is an article that recaps 2005's most infamous data security breaches. The ones to be really concerned about are incidents like CardSystems, ChoicePoint and LexisNexis where the thieves penetrated their live systems and were clearing taking information so they could use it or sell it. http://www.baselinemag.com/article2/0,1397,1834526,00.asp?kc=BANKT0209KTX1K0... -- Andy Oppel, N6AJO Pacific Division Vice Director (also Principal Data Architect, Ceridian and author of "Databases Demystified" and "SQL Demystified", both published by McGraw-Hill/Osborne) At 10:17 AM 12/29/2005, you wrote:

Gary,

As far as I see, this only relates to employees, members and customers of Marriott's Time Share unit and not their hotels unit.

I believe that anything we are doing with Marriott for the board meetings would be totally different. I have never given Marriott my social security number nor my bank account number. I am not concerned.

- Bill N3LLR

---------- From: Gary Johnston [mailto:gary@one.net] Sent: Thursday, December 29, 2005 1:04 PM To: arrl-odv Subject: [arrl-odv:13430] Marriott customer data for 200,000 missing

As many of us are Marriott customers, I found the following disturbing. /Gary KI4LA/

--

Marriott customer data for 200,000 missing

December 28, 2005

ORLANDO, Fla. --The timeshare unit of Marriott International Inc. is notifying more than 200,000 people that their personal data are missing after backup computer tapes went missing from a Florida office.

The data relates to 206,000 employees, timeshare owners and timeshare customers of Marriott Vacation Club International, the company said in a statement Tuesday. The computer tapes were stored in Orlando, where the unit is based.

The company did not say when the tapes disappeared. They contained Social Security numbers, bank and credit card numbers, according to letters the company began sending customers on Saturday.

... (article continues) ...

<http://www.boston.com/business/articles/2005/12/28/marriott_customer_data_for_200000_missing/>http://www.boston.com/business/articles/2005/12/28/marriott_customer_data_for_200000_missing/