Jeff Deal reports:
Investigators learned a worker at the Swan and Dolphin Resort on Walt Disney World property was snooping through personal information of others.
Investigators said 26-year-old Bryant Plosch, a security officer at the resort, was supposed to use the database to protect guests. Instead, officials said they caught him logging in from his home computer and going through files.
Read more on WFTV.
Now what database did this resort have access to that has people’s Social Security numbers, home addresses and bank accounts? Sounds like a credit reporting database, but the reporter says that according to court records, “the resort uses the database to run license plates to match up with guests.” A credit report doesn’t have license plate numbers, or does it?
UPDATE: A commenter who asserts the employee was only testing the software’s accuracy reports that the database in question is TransUnion’s TLOxp service.
WFTV says: “None of the 25 victims were guests at the hotel, officials said”. So my guess is he accessed employer records of coworkers.
I thought of that, too, but then why are they talking about a database that they use to confirm/match up guests’ license plate numbers? That wouldn’t be in the employee/personnel database. Something’s screwy somewhere.
As an insider in the issue, Bryant Plosch only looked up family and friends to test the software’s accuracy and because using it at the busy hotel was out of the question. Besides, all the information shown in such database is in the public record database so it really isn’t a threat to anybody’s identity. What they should worry about is about the employer, Dean Mazzoli as well as housekeeping and a few security officers committing theft of guests’ personal items including but not limited to credit cards, jewelry and many other high-value items. It seems like Mr. Plosch uncovered the theft ring among these employers. So in order to discredit him, they had to resort to slandering and defaming the innocent officer so their theft goes by unnoticed and unreported. Mr. Mazzoli as the manager, is fully aware of the theft being committed on a daily basis but doesn’t want to report the perpetrators or say anything about the issue because he is getting a nice cut of the items being stolen right out of guests’ rooms, the lost and found room and rooms’ safes. It is a shame to see somebody innocent lose their job, family and friends and being accused is being accused of (which by the way these are only a few, of the ones I know for a fact) are being done by Mr. Mazzoli, security officers of poor work ethic, and housekeeping attendants. They should really go down to the source of this, starting by the manager and his minions.
SSN and bank account info aren’t publicly available, and no one has the right to use a database to access people’s personal info like that without their consent or legal authorization. Trying to point out other possible problems at the resort does not satisfactorily explain why this employee was accessing info he seemingly should not have been accessing.
Do you happen to know the name of the database he was accessing to “test the software?”
It is called “TLOxp”. You can find it on the internet and it is supposed to be used by Law Enforcement and Attorneys and people with higher power. The site will tell you what is contained in a report.
Thank you.
Dissent,
What do you think about the website and the accusations against the employee?
Hate to intrude… I have no comment on much of anything but the software. The software seems (upon a couple of reads) to show relationships based on metadata (email, Lic plates, phone numbers called, dates and other forms of communications). Not all of which is in the public. Sounds like a Spokeo on steroids combined with the info from a credit check company, DMV database and more.
In the country I live in, cops get fired for looking up friends and family in their database. Revenue agency employees get fired for looking up friends and family in the Revenue Agency’s database. Nurses and doctors get fired for peeping in on files of patients that aren’t theirs.
I would assume a similar incident as described above would get a hotel security person fired as well.
That aside, my questions are this:
Where are they getting the metadata for this program/software? From apps? Telcos/cellcos? Marketers? Spokeo?
My other question is, is this software/service available only in the U.S.? I couldn’t find the answer on the website.
What credentials must one give in order to get access to this database and/or use the software? It doesn’t seem like much to me. Just being a business appears to be the minimum qualification.
Seems cost is based per search, $1 to $5 depending on the level of detail one requests from the software. Could the person in question have incurred hundreds of dollars in charges looking up friends, family, and maybe lovers and ex-girlfriends in multiple ways? Seems the software allows different levels of searches and depth. 25 people looked up 10 different ways is more than $125.
Not knocking the young guy, but when it details relationships like this apparently does (based on metadata) the potential for abuse and invasion of privacy is there (to me).
Were the “friends and family” (the 25+ people) all notified as to the exact details that were released?
Why does the resort need to match up Lic plates to people? Seems like some sort of profiling going on at this resort as well (I guess for security reasons, after the fact). When I think resort around Disney, I think lots of rented cars. But to enter rented car plates into some TransUnion profiling database does what exactly? It may not even match up with the person renting the room, but would maybe match to a spouse. That’s some major tracking.
Something seems funny. Or am I missing something?
You’re not missing much. This appears to be a data broker service similar to other data broker services. Many of them have a requirement that your business have a legitimate purpose in being able to access such data. Of course, as we saw with the Court Ventures/U.S. InfoSearch mess, as we saw with Rodney St. Fleur and the LexisNexis database, and as we saw with all of the Experian breaches I’ve reported, such requirements are not a complete bar to criminals accessing information they should not be accessing.
Although one commenter defends the employee, it appears that at the very least, he likely violated acceptable use of the database in terms of any agreement he signed with his employer. Even if he looked up “friends and family,” that’s still a privacy breach if they didn’t consent in advance. Further, it’s likely prosecutable under our federal law (CFAA) as hacking (exceeding authorized access), although I am not a lawyer.
There is no need to defend. If you research and get your facts together (as well as using common sense) you can see the funny issue at hand. Why would the hotel have access to this software/website? More importantly, why would they give access to anybody working there? Apparently only certain people have received letters for possible intrusion. The fact of the matter is, I went on TLOxp, paid the fee and was able to look up different things; however, bank accounts were not even an option and ssn was all x’d out. So it’s just a reminder that in order to defame and slander someone and cause this person the stigma, to research and look up different angles to see what actually happened. It’s not rocket science, just a serious lack of common sense and lots of ingenuity of some people.