Published: Sun, January 06, 2019
Markets | By Otis Pena

Fewer affected in Marriott hack, but passports were accessed

Fewer affected in Marriott hack, but passports were accessed

The company said the contents of the stolen data were from the Starwood guest reservation database, which it acquired when it bought Starwood and its 1,200 properties in 2016 for $13 billion.

Marriott discovered unauthorized access on a Starwood guest reservation database on November 19.

Anyone who believes their personal information to have been involved in the data theft is advised to visit Marriott's support site.

"Working closely with its internal and external forensics and analytics investigation team, Marriott determined that the total number of guest records involved in this incident is less than the initial disclosure", Marriott stated in their update. Marriott says it has identified approximately 383 million records as the upper limit for the total number of guest records that were involved in the incident.

When Marriott revealed the attack on November 30, it said hackers had used a breach in the Starwood Hotels & Resorts reservation database to gain access to records for as many as 500 million guests. The company originally estimated that 500 million guests had their information compromised but is now saying that more than 383 million records were actually involved.

The stolen data in Marriott's breach included names, addresses, phone numbers, credit card information, emails, passport numbers and travel details.

MLB Rumors: Zach Britton, Yankees Agree To Three-Year Contract
They've also signed Andrew McCutchen and traded for Jean Segura , two players known for their durability and consistency. The Phillies bolstered their bullpen, signing one of the most consistent relievers in the game Thursday.


Marriott said it had no evidence to suggest that the perpetrators had the master encryption key to unlock encrypted data.

In addition, the company now believes that about 8.6 million encrypted payment cards were involved in the incident. Of that number, approximately 354,000 payment cards were unexpired as of September 2018. They go on to say that there is no evidence that the third-parties had access to the key to decrypt these payment cards.

While the payment card field in the data involved was encrypted, Marriott is undertaking additional analysis to see if payment card data was inadvertently entered into other fields and was therefore not encrypted. Marriott said there's a chance that "a small number (fewer than 2,000)" of unencrypted payment card numbers were also exposed, but it's still investigating.

Marriott said its call center reps will soon be able to help customers figure out if their passport number was exposed. This occurred before Marriott and Starwood merged, and Marriott officials said the company has now taken the Starwood database offline and all reservations now flow through the Marriott system. The call center is open seven days a week and is available in multiple languages.

This data breach began in 2014, roughly one year before Marriott International offered to purchase the Starwood hotel chain.

Like this: