In an update on the massive data breach that happened last year, Marriott has said that the breach affected a lesser number of guests than previously thought. But in addition, Marriott has said that 5.25 million unencrypted passport numbers were also included in the information accessed during the data breach last year.
The owner of the Starwood chain stated in its post that the number of records that were compromised is approximately 383 million. These records, however, were not unique. It included multiple records for the same guest.
Although the revised number of records compromised is a bit of a relief for the hotel chain, it is now believed that approximately 5.25 million unencrypted passport numbers were also accessed in the breach. Moreover, among the information accessed approximately 20.3 million encrypted passport numbers were stolen. “There is no evidence that unauthorized third party accessed the master encryption key needed to decrypt the encrypted passport numbers,” declared the Marriott post.
The cybersecurity compromise was one of the biggest leaks last year where approximately 8.6 million encrypted payment cards were involved. Off these 354,000 were unexpired as of September 2018. As of now, the Starwood reservations database has been discontinued.