Marriott Says Fewer Records Stolen in Starwood Hack Than First Thought
The hotel operator also said that some 25.55 million passport numbers were stolen in the attack on the Starwood Hotels reservation system, 5.25 million of which were stored in plain text. Another 8.6 million encrypted payment cards were also taken in the attack, it said.
Marriott previously confirmed that passport numbers and payment cards were taken, but not said how many.
The company disclosed on Nov. 30 that it had discovered its Starwood hotels reservation database had been hacked over a four-year period in one of the largest breaches in history. At least five U.S. states and the UK’s Information Commissioner’s Office are investigating the attack.
Marriott also said that it had completed an effort to phase out the Starwood reservations database that it acquired in September 2016 with its $13.6 billion purchase of Starwood. The hack began in 2014, a year before Marriott offered to buy Starwood.
(Reporting by Jim Finkle in New York; editing by Grant McCool)
Related:
- AIR Estimates Marriott Cyber Breach Direct Losses Could Reach $600 Million
- Doubts About Hotel Industry Cyber Security Pre-Date Marriott Hacking
- Marriott CFO Says Too Early to Estimate Cyber Breach Costs
- Marriott Starwood Data Breach Highlights Silent Cyber Risk in Acquisitions
- Marriott Starwood Assessing Impact of 4-Year Long Data Breach