In an update on last year’s announcement that the data of millions of Marriott guests had been compromised, the hotel company has said it believes approximately 5.25 million unencrypted passport numbers were accessed.
Marriott announced in November 2018 that the data of approximately 500 million guests had been compromised through the Starwood reservations database. Marriott acquired Starwood in 2016.
The group has now confirmed it believes the number is lower than originally estimated and that fewer than 383 million guest records were involved.
Approximately 8.6 million encrypted payment cards were involved in the incident. Of that number, approximately 354,000 payment cards were unexpired as of September 2018. There is no evidence that the unauthorised third party accessed either of the components needed to decrypt the encrypted payment card numbers.
The information accessed also includes approximately 20.3 million encrypted passport numbers. Similarly, there is no evidence that the third party accessed the master encryption key needed to decrypt these passport numbers.
Arne Sorenson, Marriott’s president and chief executive, said: “We want to provide our customers and partners with updates based on our ongoing work to address this incident as we try to understand as much as we possibly can about what happened. As we near the end of the cyber forensics and data analytics work, we will continue to work hard to address our customers’ concerns and meet the standard of excellence our customers deserve and expect from Marriott.”
Marriott International has a portfolio of more than 6,700 properties spanning 129 countries and territories, with 30 hotel brands.