Marriott Admits 5 Million Guest Passport Numbers Taken by Hackers Were Not Encrypted

By Paul Riegler on 4 January 2019
  • Share

IMG_3916 (1)Marriott International said on Friday that fewer members of its Starwood guest loyalty program were affected in a massive data breach than initially feared but conceded that it had not encrypted the passport numbers for over five million people.

Experts believe that the attack on Starwood’s systems were undertaken by Chinese intelligence agencies.

In November, Marriott reported that one of its reservations systems had been hacked, compromising the personal details of up to 500 million guests.

The incident remains one of the largest data breaches in history, rivaled only by the 2013-2014 attack on Yahoo, and the largest to happen to a company in the travel industry.

The hotelier said in a statement on Friday that the number of guests involved in the data breach is lower than the original 500 million, but it failed to provide a specific number.  It did however state that a total of approximately 383 million records was the “upper limit”for the total number of compromised guest records, information that would include passport numbers, e-mail addresses, and credit-card data in some cases.  As there may be multiple records for the same guest, it believes that it is unlikely that 383 million people were affected.

Marriott said it believes that 5.25 million unencrypted passport numbers and 20.3 million encrypted passport numbers were accessed by the hackers and that 8.6 million encrypted payment cards were involved as well.

“The company is not able to quantify that lower number because of the nature of the data in the database,” it said in the release.

“As we near the end of the cyber forensics and data analytics work, we will continue to work hard to address our customers’ concerns and meet the standard of excellence our customers deserve and expect from Marriott,” the hotelier’s CEO, Arne Sorensen, said in a statement.

Marriott merged with Starwood in 2016. The data breach only affected hotels that were formerly under the Starwood brand, which include Sheraton, W Hotels, Westin, Le Méridien, Four Points by Sheraton, Aloft, St. Regis, and Element.

(Photo: Accura Media Group)

Accura News

Read previous post:
Herb Kelleher, Southwest Airlines Co-Founder, Dies at 87

Herb Kelleher, the co-founder of Southwest Airlines whose vision for low-cost air travel transformed an industry, died Thursday at the...