Marriott says data breach left more than 5 million passports vulnerable

|
Marriott sign
Photo Credit: Andrea Delbo/Shutterstock

Marriott International on Friday released an update on its data security breach, with further data analysis revealing that around 5.25 million of the roughly 25.5 million passport numbers exposed during the incident were unencrypted. 

Concurrently, the company reported that fewer guests had been affected by the breach than previously assessed. Marriott said that it had identified "383 million records as the upper boundary for the total number of guest records that were involved," versus an original estimate of 500 million.

Marriott divulged a data security breach of its Starwood network dating back to 2014 in November.  In addition to passport numbers, the breach exposed names, mailing addresses, phone numbers, email addresses and payment card numbers, among other personal information. 

Marriott estimates that approximately 8.6 million unique payment card numbers, all of which were encrypted, were involved.

In response to concerns over passport number-related fraud, Marriott is bolstering its customer support efforts. In addition to providing continued access to a dedicated website and call center, the company is putting together a system to "refer guests to the appropriate resources ... to see if they were included in the set of unencrypted passport numbers."

Additionally, Marriott has established a claims process for guests whose passports have been verified to be part of the unencrypted set and who suspect they may have been victims of fraud. To have a fraud claim considered for reimbursement, Marriott said guests can "mail a summary of what happened and what your request is along with documentation of any expenses" to addresses listed on their dedicated website.

Marriott had previously only pledged to conditionally reimburse guests affected by fraud for the costs associated with getting a new passport. 

Comments
JDS Travel News JDS Viewpoints JDS Africa/MI