Marriott International on Friday released an update on its
data security breach, with further data analysis revealing that around 5.25
million of the roughly 25.5 million passport numbers exposed during the incident
Concurrently, the company reported that fewer guests had
been affected by the breach than previously assessed. Marriott said that it had
identified "383 million records as the upper boundary for the total number
of guest records that were involved," versus an original estimate of 500
Marriott divulged a data security breach of its Starwood
network dating back to 2014 in November.
In addition to passport numbers, the breach exposed names, mailing addresses,
phone numbers, email addresses and payment card numbers, among other personal
Marriott estimates that approximately 8.6 million unique
payment card numbers, all of which were encrypted, were involved.
In response to concerns over passport number-related fraud,
Marriott is bolstering its customer support efforts. In addition to providing
continued access to a dedicated website and call center, the company is putting
together a system to "refer guests to the appropriate resources ... to see
if they were included in the set of unencrypted passport numbers."
Additionally, Marriott has established a claims process for
guests whose passports have been verified to be part of the unencrypted set and
who suspect they may have been victims of fraud. To have a fraud claim
considered for reimbursement, Marriott said guests can "mail a summary of
what happened and what your request is along with documentation of any expenses"
to addresses listed on their dedicated website.
Marriott had previously only pledged to conditionally
reimburse guests affected by fraud for the costs associated with getting a new