Marriott now says 5 million unencrypted passport numbers were stolen in Starwood hotel data breach

From TechCrunch: Starwood’s data breach just got both better and worse at the same time.

Marriott, the parent company of hotel chain giant Starwood, said it has revised down the number of customers affected by its recently disclosed data breach from 500 million to “fewer than 383 million unique guests.” That doesn’t mean all those 383 million guests are affected, Marriott said, but the hotel giant still can’t yet give a more precise number of customers whose data was stolen.

The bad news is that the company confirmed that more than five million unencrypted passport numbers were stolen, on top of the more than 20 million encrypted passport numbers.

That might be a problem, given passport numbers can be used for identity theft and commit fraud, but is the sort of data that remains highly valuable for spy agencies who can use the information to track down where government officials, diplomats, and adversaries have stayed — giving insight into what would ordinarily be clandestine activities.

Marriott also said that 8.6 million unique payment card numbers were taken, but only 354,000 cards were active and unexpired at the time of the breach in September.

The hotel giant said it had “no evidence” to show that the hackers stole the keys needed to decrypt the data, but did not say how it came to that conclusion.

View: Article @ Source Site