Marriott International recently said that after careful investigation by the forensic and analysis team, the number of customers affected by its big data breach has decreased from 500 million to 383 million, of which 5 million unencrypted passport number was stolen. Although Marriott’s latest disclosures are lower than before, the incident is still one of the largest personal data breaches in history.
In November last year, Marriott announced that hackers had invaded the reservation database of its Starwood hotel, and the hotel group acquired Starwood in 2016. Marriott said that the Starwood Group has been hacked since 2014.
Marriott said in a statement, “there is no evidence that the unauthorized third party accessed the master encryption key needed to decrypt the encrypted passport numbers.” Marriott has suggested that if the affected guests can prove that they are victims of a data breach, they will pay for the new passport. This could cost Marriott $577 million.