Hoax debunked: Hotel card keys store sensitive personal info [priv]

[Declan McCullagh <declan () well com>]

It looks like a clueless police detective started this urban legend:
http://urbanlegends.miningco.com/library/bl_hotel_keycards.htm

-Declan

---

Hi, Declan.

Is this information about hotel card keys accurate?

If so, it might be of interest to one of your lists…

[identity removed to protect the guilty --DBM]


----------
From: <…snipped>
Sent: Monday, October 27, 2003 4:41 PM
Subject: FW: OPSEC Tip : Secure Your Personal Info on TDY or Vacations


Holy Crap! I have been treating these room keys as if they were totally 
obsolete once I checked out. Gordie Breault is a retired Air Force officer 
usually who usually checks out his data before passing it along.

----------
From: <…snipped>
Sent: Monday, October 27, 2003 3:42 PM
Subject: FW: OPSEC Tip : Secure Your Personal Info on TDY or Vacations

I think there’s some valuable info here.

-----Original Message-----
From: <…snipped>
Sent: Monday, October 27, 2003 12:48 PM
Subject: FW: OPSEC Tip : Secure Your Personal Info on TDY or Vacations


This is important info for anyone who travels.
Tom

 -----Original Message-----
From:   <…snipped>
Sent:   Monday, October 27, 2003 10:37 AM
Subject:        OPSEC Tip : Secure Your Personal Info on TDY or Vacations

IMPORTANT HOTEL ROOM CARD KEY INFORMATION
Southern California law enforcement professionals assigned to detect new 
threats to personal security issues, recently discovered what type of 
information is embedded in the credit card type hotel room keys used 
through-out the industry.

Although room keys differ from hotel to hotel, a key obtained from the 
"Double Tree" chain that was being used for a regional Identity Theft 
Presentation was found to contain the following the information:

a.. Customers (your) name
b.. Customers (your) partial home address
c.. Hotel room number
d.. Check in date and check out date
e.. Customers (your) credit card number and expiration date!
When you turn them in to the front desk your personal information is there 
for any employee to access by simply scanning the card in the hotel scanner.

An employee can take a hand full of cards home and using a scanning device, 
access the information onto a laptop computer and go shopping at your expense.

Simply put, hotels do not erase these cards until an employee issues the 
card to the next hotel guest. It is usually kept in a drawer at the front 
desk with YOUR INFORMATION ON IT!!!!

The bottom line is, keep the cards or destroy them! NEVER leave them behind 
and NEVER turn them in to the front desk when you check out of a room. They 
will not charge you for the card. (Information courtesy of: Sergeant K. 
Jorge, Detective Sergeant, Pasadena Police Department)

Privacy Act - 1974 as amended applies - If this memo contains personal 
information it must be protected IAW DoD 5400.1-R as For Official Use Only 
(FOUO)

CAUTION: For your protection, avoid sending identifying information, such 
as account, Social Security, or card numbers to others. Further, do not 
send time-sensitive, action-oriented messages, such as transaction orders, 
fund transfer instructions, etc, as such items sent electronically may not 
be able to be responded to due to leave, TDY, etc. Electronic mail sent 
through the internet is not secure and could be intercepted by a third party.

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)