Marriott Hackers Stole More Than 5M Unencrypted Passport Numbers

Gladys Abbott
January 6, 2019

Marriott now says it has identified approximately 383 million records as the "upper limit for the total number of guest records that were involved".

Anyone who believes their personal information to have been involved in the data theft is advised to visit Marriott's support site.

- Marriott says fewer guest records than originally thought were accessed during a data security breach reported a year ago but did confirm there was unauthorized access to millions of passport numbers during the incident.

On Friday, Marriott officials said that the investigation into the compromise has revealed that more than five million plaintext passport numbers were accessed during the intrusion. Marriott will soon enable customers to access "resources" to see whether their passport numbers were exposed.

Hackers stole more than 300 million records from Marriott in 2014.

After consulting internal and external investigators, the world's largest lodging company now believes that no more than 383 million customers - and probably fewer - had their data exposed to unauthorized parties, Marriott said Friday in a statement. However, the company said that number is likely still too high because it counts multiple compromised records belonging to a single guest. "On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database", the Marriott statement from November says.

More news: Chinese language Rover Lands Safely On Far Facet Of Moon

Marriott also said that 8.6 million unique payment card numbers were taken, but only 354,000 cards were active and unexpired at the time of the breach in September.

However the company also disclosed that unencrypted passport numbers of 5.25 million people were accessed by hackers, along with potentially 20.3 million encrypted passport numbers. That system had been used at Marriott subsidiary Starwood, and its smaller brands, including W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.

"There is no evidence that the unauthorized third party accessed either of the components needed to decrypt the encrypted payment card numbers", according to Marriott.

The security breach will mean the end of the road for the Starwood Reservations system at the center of the hack.

"With the completion of the reservation systems conversion undertaken as part of the company's post-merger integration work, all reservations are now running through the Marriott system".

Other reports by LeisureTravelAid

Discuss This Article

FOLLOW OUR NEWSPAPER