MiceAge on the latest news regarding MyMagic+ : Read it and weep.

[ford91exploder]

but why are we so scared? seriously? think of all the places we enter, write down, type, etc. our names, addresses, phone numbers, email addresses, or take it a step further give our credit card numbers, hand our credit cards to waiters/waitresses, etc. etc.

what makes some so scared that a CM at the Disney/Magic Kingdom emporium might do some criminal act that they couldn't do today if they really wanted to

Because in the past you could not hook up a USB device to the cash register/terminal and download transaction data as you can with an iPad.

iPad's are not hardened devices and they are nowhere as secure as a blackberry which can be set up to nuke itself if connected to anything but an authorized device.

 

[ford91exploder]

Does your state encrypt the SSN? I have read about two states that have the SSN in the magstripe, but it is encrypted.

No, They use cheapest contractors possible and encryption is far beyond their capabilities.

 

[WDWDad13]

Because in the past you could not hook up a USB device to the cash register/terminal and download transaction data as you can with an iPad.

iPad's are not hardened devices and they are nowhere as secure as a blackberry which can be set up to nuke itself if connected to anything but an authorized device.

ok... so let me ask this question another way based on your reply

why are we so scared a frontline CM at Disney/Magic Kingdom Emporium could download transaction data? WHO CARES if they know little billy's dad bough him a stuffed mickey mouse toy

 

[WDWDad13]

No, They use cheapest contractors possible and encryption is far beyond their capabilities.

so with that being said... what makes you think these CM's carrying Ipads or whatever are intelligent enough to pull of some major criminal act based on our "limited" information lol

 

[danlb_2000]

so with that being said... what makes you think these CM's carrying Ipads or whatever are intelligent enough to pull of some major criminal act based on our "limited" information lol

So you are ok with personal information being accessed by people just because you THINK they might not be able to use it? IT system security should always be designed around the "principle of least privilege", if there is no valid business reason for someone in a specific role to have access to a piece of data then they shouldn't have access to it. This way you don't have to worry about whether they could or are even capable of using that data in a malicious way. Unfortunately, if this system is really over budget and behind schedule, security if often one of the first things to fall by the way side in situations like this.

 

[ford91exploder]

ok... so let me ask this question another way based on your reply

why are we so scared a frontline CM at Disney/Magic Kingdom Emporium could download transaction data? WHO CARES if they know little billy's dad bough him a stuffed mickey mouse toy

Dad might care if his CC number was downloaded and used by a carding gang.

Frequently low level staff with 'issues' are approached by a member of a organized crime group who offers to make problem go away if they install this 'device/software' on their employers machines. It happens at gas stations and supermarkets as well. The Heartland Payments compromise was done like this.

 

[wdisney9000]

but why are we so scared? seriously? think of all the places we enter, write down, type, etc. our names, addresses, phone numbers, email addresses, or take it a step further give our credit card numbers, hand our credit cards to waiters/waitresses, etc. etc.

what makes some so scared that a CM at the Disney/Magic Kingdom emporium might do some criminal act that they couldn't do today if they really wanted to

Its a bigger picture thing. A waitress just has your credit card and thats it. A place like Disney has your CC, address, phone number, full name, DOB, etc. You are much more vulnerable to fraud when a criminal has more information. Especially if there is more than one criminal working together in different areas. Criminals will tend to migrate to where its easiest to do their job. Now Disney has a big bulls eye on its back. I agree with you that we are just as much at risk in other places besides Disney but it stinks to have to add one more place to that list. And yes, they had all this information before, but it was not as easily accessible as it is now. It also has a lot to do with what @PhotoDave219 mentioned regarding transparency. By not disclosing exactly what they are doing with the information I can only guess its less about my vacation experience and MORE about their wallet.

 

[Nubs70]

so with that being said... what makes you think these CM's carrying Ipads or whatever are intelligent enough to pull of some major criminal act based on our "limited" information lol

Because they could sell the info to someone who could pull off a criminal act. The CM could use the proceeds to augment their income.

 

[wdisney9000]

so with that being said... what makes you think these CM's carrying Ipads or whatever are intelligent enough to pull of some major criminal act based on our "limited" information lol

Whose to say the CM with an Ipad isnt some hacker that knew getting a job as a low level front line CM was his ticket to all the data he needed? He wouldnt care about the low paying salary and nobody (yourself included obviously) would suspect a low level CM of being capable of such a crime.

 

[cslafferty]

Speaking of people I know - not necessarily people in this thread or on this forum: I find it funny that some will get all nervous, leery, and skeptical about sharing their information, like with MM+, yet will go on social media and post things like "5 more days til we leave for a week in Barbados - CANT WAIT!" Might as well put a sign on your door "Gone on vacation. Come on in and help yourself."

 

[wdisney9000]

Speaking of people I know - not necessarily people in this thread or on this forum: I find it funny that some will get all nervous, leery, and skeptical about sharing their information, like with MM+, yet will go on social media and post things like "5 more days til we leave for a week in Barbados - CANT WAIT!" Might as well put a sign on your door "Gone on vacation. Come on in and help yourself."

Your are soooo right. I have friends that post every little thing they do on FB. "Going to the movies" , "mowing the lawn", "leaving town for a week and cant find a house sitter" If someone just watched their FB status for a week they would know their entire routine. When I point it out to them they just laugh and say, "its only my friends who see it" I guess they never heard of "a jealous ones envy"

 

[ford91exploder]

Speaking of people I know - not necessarily people in this thread or on this forum: I find it funny that some will get all nervous, leery, and skeptical about sharing their information, like with MM+, yet will go on social media and post things like "5 more days til we leave for a week in Barbados - CANT WAIT!" Might as well put a sign on your door "Gone on vacation. Come on in and help yourself."

Its why I don't even use a vacation automessage on corporate/personal email, And as for Social media DW and I post After we return - not before or during.

 

[GoofGoof]

so with that being said... what makes you think these CM's carrying Ipads or whatever are intelligent enough to pull of some major criminal act based on our "limited" information lol

I know we've been down this path before, but I'll do it once more. It doesn't need to be a major criminal act or even really a criminal act at all and you don't need intelligence to pull it off. If a CM has an IPad with my itinery, where I'm staying, where I'm from, where I'm eating dinner each night, what park I'm going to be in, what rides I'm going to be riding, etc... It's just creepy and unnecessary to me. Here's a simple hypothetical example of how it can be creepy. A 19 year old girl has breakfast at Ohana. The waiter attempts to engage in a little back and forth conversation, maybe some flirting. On her way out of the restaurant he asks her if she wants to get together later that night. She politely declines. Guess who shows up that night at the restaurant she is having dinner or the ride she has reserved. It's just creepy. If she's 16 instead of 19 it makes it even worse. If the guy shows up at her room it could be both creepy and dangerous. He doesn't need to steal her identity or even her credit card number.

I'm sure the vast majority of Disney CMs are good honest people and this is a highly unlikely scenario but it only takes one bad seed. Why make that kind of info available to people who don't need it to do their job.

 

[ford91exploder]

Its a bigger picture thing. A waitress just has your credit card and thats it. A place like Disney has your CC, address, phone number, full name, DOB, etc. You are much more vulnerable to fraud when a criminal has more information. Especially if there is more than one criminal working together in different areas. Criminals will tend to migrate to where its easiest to do their job. Now Disney has a big bulls eye on its back. I agree with you that we are just as much at risk in other places besides Disney but it stinks to have to add one more place to that list. And yes, they had all this information before, but it was not as easily accessible as it is now. It also has a lot to do with what @PhotoDave219 mentioned regarding transparency. By not disclosing exactly what they are doing with the information I can only guess its less about my vacation experience and MORE about their wallet.

THIS was the biggest loss incurred by NGE/MM+ Before Disney was a happy place where you could be a kid again with your family, The real world was left at the gates of Disney for a while and you could share a happy time with your family without worries.

Now the real world has intruded big time into Disney and the experience has been severely impacted because of it, If someone had told me 3 years ago that I would be worrying about data security at Disney I would have said they were insane. Turns out they were prophetic - very sad and the world grows a little more grey because of it.

 

[ford91exploder]

I know we've been down this path before, but I'll do it once more. It doesn't need to be a major criminal act or even really a criminal act at all and you don't need intelligence to pull it off. If a CM has an IPad with my itinery, where I'm staying, where I'm from, where I'm eating dinner each night, what park I'm going to be in, what rides I'm going to be riding, etc... It's just creepy and unnecessary to me. Here's a simple hypothetical example of how it can be creepy. A 19 year old girl has breakfast at Ohana. The waiter attempts to engage in a little back and forth conversation, maybe some flirting. On her way out of the restaurant he asks her if she wants to get together later that night. She politely declines. Guess who shows up that night at the restaurant she is having dinner or the ride she has reserved. It's just creepy. If she's 16 instead of 19 it makes it even worse. If the guy shows up at her room it could be both creepy and dangerous. He doesn't need to steal her identity or even her credit card number.

I'm sure the vast majority of Disney CMs are good honest people and this is a highly unlikely scenario but it only takes one bad seed. Why make that kind of info available to people who don't need it to do their job.

Absolutely - And there has been more than one 'bad seed' in the Orlando Sentinel.

 

[danlb_2000]

I know we've been down this path before, but I'll do it once more. It doesn't need to be a major criminal act or even really a criminal act at all and you don't need intelligence to pull it off. If a CM has an IPad with my itinery, where I'm staying, where I'm from, where I'm eating dinner each night, what park I'm going to be in, what rides I'm going to be riding, etc... It's just creepy and unnecessary to me. Here's a simple hypothetical example of how it can be creepy. A 19 year old girl has breakfast at Ohana. The waiter attempts to engage in a little back and forth conversation, maybe some flirting. On her way out of the restaurant he asks her if she wants to get together later that night. She politely declines. Guess who shows up that night at the restaurant she is having dinner or the ride she has reserved. It's just creepy. If she's 16 instead of 19 it makes it even worse. If the guy shows up at her room it could be both creepy and dangerous. He doesn't need to steal her identity or even her credit card number.

I'm sure the vast majority of Disney CMs are good honest people and this is a highly unlikely scenario but it only takes one bad seed. Why make that kind of info available to people who don't need it to do their job.

WDWDad13 calls this an obsurde scenario in 3.. 2... 1...

In all seriousness there is a fine line between what information CM's should have and what they shouldn't. Allowing them so see what rides I have booked for that day, restaurant reservations, or even what on-site hotel I am staying at could be used to help provide better customer service, but I don't see a good reason for the average park CM to know what room I am in, this should be restricted to the staff at the hotel I am staying at.

 

[WDWDad13]

So you are ok with personal information being accessed by people just because you THINK they might not be able to use it? IT system security should always be designed around the "principle of least privilege", if there is no valid business reason for someone in a specific role to have access to a piece of data then they shouldn't have access to it. This way you don't have to worry about whether they could or are even capable of using that data in a malicious way. Unfortunately, if this system is really over budget and behind schedule, security if often one of the first things to fall by the way side in situations like this.

They can already access tons of our information. Don't pass all of this off on a rubber band around your wrist

 

[WDWDad13]

Because they could sell the info to someone who could pull off a criminal act. The CM could use the proceeds to augment their income.

WOW stretch

 

[ford91exploder]

WDWDad13 calls this an obsurde scenario in 3.. 2... 1...

In all seriousness there is a fine line between what information CM's should have and what they shouldn't. Allowing them so see what rides I have booked for that day, restaurant reservations, or even what on-site hotel I am staying at could be used to help provide better customer service, but I don't see a good reason for the average park CM to know what room I am in, this should be restricted to the staff at the hotel I am staying at.

GR would be a place where I would assume they had and needed FULL access to my guest profile so they COULD help me and in the past only GR and Hotel staff had Full access.

A MM+ attendant, a turnstile staffer the roaming iPad brigade only needs Name, Ticket entitlement and FP+ information but now all that data is scattered from here to h--l and back.

 

[WDWDad13]

This is getting laughable....well all I can say is stay home and be safe....(might want to get rid of your cell phone, definitely get offline, and move to a cave in a third world)....I'll be in the parks having fun with my family