Marriott breach included 5 million unencrypted passport numbers


Hospitality giant Marriott said less people than originally anticipated were affected by a breach of its Starwood Hotels reservation system.

In addition to passport data, which some theorise could be used by malign actors to track worldwide travellers, approximately 345,000 unexpired payment cards were stored by the company.

"Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014".

The data stolen included passport numbers, emails, dates of birth, gender and mailing addresses. The company recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it.

Marriott now believes that approximately 8.6 million encrypted payment cards were involved in the incident.

More news: PM Khan arrives in Turkey for two-day visit
More news: MPs Threaten Government Shutdown to Stop No Deal Brexit
More news: John Legend Calls R. Kelly "Serial Child Rapist"

"This does not, however, mean that information about 383 million unique guests was involved, as in many instances, there appear to be multiple records for the same guest", according to the new statement.

After consulting internal and external investigators, the world's largest lodging company now believes that no more than 383 million customers - and probably fewer - had their data exposed to unauthorized parties, Marriott said Friday in a statement.

In addition, Marriott said approximately 5.25 million unique unencrypted passport numbers and approximately 20.3 million encrypted passport numbers were involved in the breach. Marriott will soon enable customers to access "resources" to see whether their passport numbers were exposed. Marriott now says it has identified approximately 383 million records as the "upper limit for the total number of guest records that were involved". They go on to say that there is no evidence that the third-parties had access to the key to decrypt these payment cards. The company is continuing to analyze these numbers to better understand if they are payment card numbers and, if they are payment card numbers, the process it will put in place to assist guests. They have also stated that customers can contact the listed phone numbers in order to receive a method to check if your passport numbers was one of the ones that was stored unencrypted in the database.

Fox Business foreign policy analyst Walid Phares and former National Security Council chief of staff Fred Fleitz discuss how Secretary of State Mike Pompeo confirmed that China was behind the massive security breach in Marriott's guest system.

With today's press release, Marriott also announced that it phased out the Starwood reservations system -the system that got hacked.