25M passport numbers stolen in Marriott data breach
Passport numbers of more than 25 million guests at the Starwood chain of hotels were stolen by hackers in November, Marriott announced Friday as the world’s largest hotel company comes to terms with the scope of the data breach.
The Bethesda, Md., company acknowledged for the first time that 5.25 million of those passport numbers were unencrypted — or not coded to prevent unauthorized access. More than 20 million were encrypted. No evidence has yet surfaced that the hackers accessed the master encryption key needed to decrypt those passport numbers.
If the hackers were Chinese intelligence agents, as security experts have suggested, the passport data could be particularly damaging because it would allow a foreign power to identify and track the movements of government and business travelers. China is reported to be assembling a database on individuals that could be useful in cyber warfare.
The breach also included dates of birth and credit card numbers, as well as contact information such as mailing addresses and email addresses.
The incident involved about 383 million records of guests who made a reservation at Starwood properties on or before Sept. 10, 2018, the company said. That’s fewer than the original figure of 500 million guests the company had announced as affected, but it still ranks the breach as one of the largest in history. ..Read More..