On the plus side no biometrice involved.
Then a compromised database could cost you some fingers.
Re: Sabre SynXis central reservation system (CRS)
Sabre backend, someone with Admin cred's managed to access encrypted data for quite a few months.
Does chip & PIN have a bearing on this kind of threat or are we all at risk?
Chip and Pin
While Chip and Pin is not actually a security system, more a "shift blame to customers whilst reducing security system" the mechanics means that the Pin number is not stored when you use it.
With contactless you are also pretty safe (from the Sabre story anyway) details of the card are not stored at the point of sale.
That is if the $10 reader you put your card in is actually legit and not made by the guy who is stealing your details (whilst smiling at you)
From next May, if an EU citizen's personal data were to be leaked by a PoS in the US would GDPR apply? After all, the US want their laws to apply here so why shouldn't ours apply there?
Re: Hypothetical musing
Looks like it...
Who does the GDPR affect?
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
Hard Rock Hotel hotel caught between a Rock and a Hard place
Sorry, just couldn't resist