Marriott says hackers stole more than 5 million passport numbers

Marriott International Hospitality company logo seen

Hackers stole more than 300 million records from Marriott in 2014. Igor Golovniov SOPA Images LightRocket via Getty Images

The vast number of people affected still places the Marriott data breach among the biggest hacks of personal data ever to affect one company.

Global hotel chain Marriott believes that more than five million unencrypted passport numbers were included among the data breach that came to light in November past year. Marriott will soon enable customers to access "resources" to see whether their passport numbers were exposed. Replacing a passport is much more time consuming and involved than replacing a payment card compromised in a breach, and passport numbers are quite valuable as unique identifiers.

The hotelier now estimates that up to 383 million records were pilfered in the incident, cutting the original figure after data forensics eliminated duplicates.

After consulting internal and external investigators, the world's largest lodging company now believes that no more than 383 million customers - and probably fewer - had their data exposed to unauthorized parties, Marriott said Friday in a statement.

Woodland leads Tournament of Champions, McIlroy three back
His 74 included a two-shot penalty when he hit a ball that wasn't his. "The wind was really messing with me on the greens". Countryman Day's triple bogey came after he hit two consecutive tee shots into a hazard at the hard par-three eighth hole.

The company has completed the phase out of the operation of the Starwood reservations database, effective the end of 2018. Of that number, approximately 354,000 payment cards were unexpired as of September 2018. Now, Marriott says that the number of potentially involved guests is lower than the 500 million the company had originally estimated.

In its initial disclosure in November, Marriott said that although the payment card data stolen was encrypted, it was possible that the attackers had accessed the key material needed to decrypt them. Marriott said that 5.25 million unencrypted passport numbers were part of the information that was compromised and accessed in the hack. They include W Hotels, St. Regis, Sheraton, Westin, Element, Aloft, The Luxury Collection, Le Méridien and Four Points.

Hotel megachain Marriott International has gone into further detail on the cyber-raid on its reservation database, including the number of payment cards and passport details siphoned off by hackers. They go on to say that there is no evidence that the third-parties had access to the key to decrypt these payment cards.

The reason the breach appears to have been limited to Starwood is that its guest database ran separately from the rest of the Marriott network. This occurred before Marriott and Starwood merged, and Marriott officials said the company has now taken the Starwood database offline and all reservations now flow through the Marriott system. The biz is also offering to cover a year of identity-theft monitoring service.

Latest News