Marriott now says 5 million unencrypted passport numbers were stolen in Starwood hotel data breach

Starwoodsdata breach just got both better and worse at the same time.
Marriott, which owns hotel chain giant Starwood, said it has revised the number of customers affected by its recently disclosed data breach from 500 million to fewer than 383 million unique guests. That doesnt mean all those 383 million guests are affected, Marriott said, but the hotel giant still cant yet give a more precise number of customers whose data was stolen.
The bad news is that the company confirmed that more than five million unencrypted passport numbers were stolen, on top of the more than20 million encrypted passport numbers.
That might be a problem, given passport numbers can be used for identity theft and to commit fraud, but is the sort of data that remains highly valuable for spy agencies that can use the information to track down where government officials, diplomats and adversaries have stayed giving insight into what would ordinarily be clandestine activities.
Marriott also said that 8.6 million unique payment card numbers were taken, but only 354,000 cards were active and unexpired at the time of the breach in September.
The hotel giant said it had no evidence to show that the hackers stole the keys needed to decrypt the data, but did not say how it came to that conclusion.
Starwoods security lapse became the largest data breach last year, and remains one of the most damaging hacking incidents in recent memory.The company said the contents of the stolen data were from the Starwood guest reservation database, which it acquired when itbought Starwood and its 1,200 properties in 2016 for $13 billion.
Marriott said in its Friday update that it has completed the phase out of Starwoods reservation database and now runs guest bookings through its Marriott database, which was not affected by the breach.

Marriotts breach response is so bad, security experts are filling in the gaps at their own expense
See also:
Leave a comment
  • Latest
  • Read
  • Commented
Calendar Content
«     2020    »