This post contains references to products from one or more of our advertisers. We may receive compensation when you click on links to those products. For an explanation of our Advertising Policy, visit this page.
Marriott executives said on Friday that the hotel chain’s massive four-year breach of its Starwood reservation database did not affect as many customers as it had originally thought. The world’s largest hotel chain lowered its estimate of customers with personal information stolen to about 383 million, down from 500 million.
But just as noteworthy was Marriott’s disclosure that more than 5 million of its customers’ passport numbers were taken from its database had not been encrypted. Hackers took those passport numbers — along with approximately 20.3 million encrypted passport numbers — in a cyberattack that lasted from 2014 to 2018, which Marriott disclosed on Nov. 30, 2018.
“It’s not responsible to fail to encrypt information on passports,” cyber security expert Adam Levin told TPG. “Passport information is pretty sensitive. It’s pretty much like driver’s license information, and fake passports — that’s a big business.”
Passport numbers can be used in conjunction with other pieces of personal information to commit identity theft. They can also be used to track US citizens entering and exiting other nations.
“Even if it was 100,000 passports — that’s big — and we’re talking about 5 million,” Levin said, noting that Marriott didn’t take action in preventing information theft for its customers. “You’re not minimizing the risk of exposure of people who have voluntarily handed you information and trusted you with that information.”
Marriott has offered to reimburse travelers who have to pay the $110 fee to get a new travel documents as a result of the breach.
The passport numbers, along with approximately 8.6 million encrypted payment cards, are believed to have been taken by Chinese hackers as part of a widespread effort that experts believe is on behalf of China’s Ministry of State Security, which is the nation’s spy agency.
China-backed hackers have also breached US health insurers and security clearance files to steal sensitive information from millions more Americans, the New York Times reported.
US President Donald Trump’s administration is reportedly planning to declassify intelligence documents that show beginning in 2014, China has been building “a database containing names of executives and American government officials with security clearances.” These accusations have striking similarities to the details of Marriott’s breach: It also began in 2014, and the hackers encrypted customers’ personal information, creating their own database of Starwood guests’ data.
Marriott said Friday that it has officially phased out any use of the Starwood database, and all reservations are now processed through the Marriott system.
But Levin says this type of breach could happen again, as hospitality point-of-sale systems are a prime target for sabotage by hackers. “An industry which knows it is a target hasn’t been protective of the kind of information that it has,” he says.
If you’re information has been taken in the Marriott breach, you can read here how to protect yourself.
Featured image by Miguel Candela/SOPA Images/LightRocket via Getty Images.
Know before you go.
News and deals straight to your inbox every day.
WELCOME OFFER: 60,000 Points Terms Apply.
TPG'S BONUS VALUATION*: $1,200
CARD HIGHLIGHTS: Delta Sky Club and Centurion lounge access, $200 annual airline fee credit and up to $200 in Uber credits annually
*Bonus value is an estimated value calculated by TPG and not the card issuer. View our latest valuations here.
- Earn 60,000 Membership Rewards® points after you use your new Card to make $5,000 in purchases in your first 3 months.
- Enjoy Uber VIP status and free rides in the U.S. up to $15 each month, plus a bonus $20 in December. That can be up to $200 in annual Uber savings.
- 5X Membership Rewards® points on flights booked directly with airlines or with American Express Travel.
- 5X Membership Rewards points on prepaid hotels booked on amextravel.com.
- Enjoy access to the Global Lounge Collection, the only credit card airport lounge access program that includes proprietary lounge locations around the world.
- Receive complimentary benefits with an average total value of $550 with Fine Hotels & Resorts. Learn More.
- $200 Airline Fee Credit, up to $200 per calendar year in baggage fees and more at one qualifying airline.
- Get up to $100 in statement credits annually for purchases at Saks Fifth Avenue on your Platinum Card®. Enrollment required.
- $550 annual fee.
- Terms Apply.
- See Rates & Fees