Marriott International says that the total number of guests affected by a massive hacking of a reservations database that the company disclosed late last year is smaller than the 500 million it originally reported.
The Bethesda-based hotel company, the largest in the world, now believes that about 383 million guests were involved. Its investigation team used internal and external forensics to determine that about 383 million customer records were involved in the data breach, and in some cases that included multiple records for the same guests.
Marriott also now believes that about 5.25 million unencrypted passport numbers were included in those records. Approximately 20.3 million encrypted passport numbers were also compromised. But the company says there is no evidence that the unauthorized and unidentified third party accessed the master encryption key needed to decrypt the encrypted passport numbers.
Additionally, approximately 8.6 million encrypted payment cards were involved in the breach, but there is no evidence that the hackers have the mechanism to decrypt those numbers. Marriott says a small number—fewer than 2,000—unencrypted payment card numbers may have been accessed.
“We want to provide our customers and partners with updates based on our ongoing work to address this incident as we try to understand as much as we possibly can about what happened,” Marriott CEO Arne Sorenson said in a written statement. “As we near the end of the cyber forensics and data analytics work, we will continue to work hard to address our customers’ concerns and meet the standard of excellence our customers deserve and expect from Marriott.”
The company determined on Nov. 19 that a third party had gotten unauthorized access to a Starwood guest reservations database. Marriott acquired Starwood in 2016. When it announced the breach on Nov. 30, it said it believed the incident involved about 500 million guests who made a reservation at a Starwood property on or before Sept. 10.
Source: Read Full Article