Originally Posted by
GUWonder
That is anything but certain unless and until we know more about what happened than what Marriott has publicly disclosed in the open.
Naah. The source of this is an easy layup.
Lets see ... someone planted a system for mining data in 2014. The data they pulled had the ability to track who and where, but the credit card data was potentially encrypted. Certainly in the past four years, if this was done for economic purposes, Amex would have noticed a pattern of fraud tied to SPG Amex holders since they would have been disproportionately impacted by any fraud aspects of that. Seen any reports on here from SPG Amex holders ... saying they were victims of fraud? Many of us have monitoring services that detect identity information being sold on the dark web. Again ... seen any reports of that from legacy SPG folks? The lack of selling that information again suggests a state actor.
And then, they've been mining the data since 2014. Most of the economic data breaches are usually hit and run, rather than extended mining.
The outrage here at the legacy SPG folks should really be focused on a certain state actor.