Marriott Admits 5 Million Unencrypted Passport Numbers in Stolen Data
Marriott International revealed that over 5 million passport numbers stolen from its Starwood unit’s customer database were unencrypted. In a new statement, issued Friday, it also said that the number of guests involved is lower than initially thought.
Unencrypted Passport Numbers
Marriott said that approximately 5.25 million unencrypted passport numbers were amongst the data stolen during the cyber attack revealed at the end of November 2018. It said that a further 20.3 million encrypted passport numbers had been stolen but it had no evidence that the hackers had the master encryption need to decrypt those numbers.
The presence of passport numbers in the data is of particular concern. Chinese authorities are suspected of carrying out the attack (via New York Times). The Chinese government denies any involvement. Marriott has offered to pay for replacement passports for anyone who’s lost passport number is involved in fraud.
Marriott also said hackers took 8.6 million encrypted payment cards during the hack. 354,000 of them were unexpired as of September 2018, when the hackers were finally discovered. The statement explained that Marriot encrypted the payment card field. However, Marriott said it is “undertaking additional analysis to see if payment card data was inadvertently entered into other fields and was therefore not encrypted.”
Still the Biggest Hack in History
Hackers accessed Starwood’s, now a part of Marriott, customer database from 2014 until September 10th, 2018. The company said that data from 383 million unique guests was stolen. This is lower than the 500 million it initially thought were involved. The number could fall further as more duplicated data is discovered. The incident remains the largest loss of data in history.
Related
Arne Sorenson, Marriott’s President and Chief Executive Officer, said: “We want to provide our customers and partners with updates based on our ongoing work to address this incident as we try to understand as much as we possibly can about what happened. As we near the end of the cyber forensics and data analytics work, we will continue to work hard to address our customers’ concerns and meet the standard of excellence our customers deserve and expect from Marriott.”
0 Response to "Marriott Admits 5 Million Unencrypted Passport Numbers in Stolen Data"
Post a Comment