5m passport numbers included in data breach
GLOBAL HOTEL chain Marriott believes that more than five million unencrypted passport numbers were included among the data breach that came to light in November last year.
Further investigation into the incident, which hit the reservation system of the company’s Starwood portfolio in 2014, estimates that a total of 5.25 million unencrypted passport numbers were obtained, as well as 20.3 million encrypted passport numbers.
The company also estimates that around 8.6 million encrypted payment cards were obtained.
Marriott said it had no evidence to suggest that the perpetrators had the master encryption key to unlock encrypted data.
The database also stored information including dates of birth, names, addresses and phone numbers. Overall, the company now thinks the number of guest records involved is fewer than the previous 500 million estimate, identifying 383 million records as the “upper limit”. This number could fall further when factoring in duplicate records, Marriott said.
“We want to provide our customers and partners with updates based on our ongoing work to address this incident as we try to understand as much as we possibly can about what happened,” said Arne Sorenson, Marriott president and chief executive.
Starwood hotels, which include Trump Turnberry in Ayrshire, London’s Park Lane Sheraton Grand, Westbury Mayfair and Le Meridien Piccadilly, have ceased using their own reservation database since the end of 2018 and have now integrated with the Marriott system.