Marriott Data Breach Update: Fewer Guests Affected Than Earlier Thought

In late 2018, we reported on the data breach which affected Marriott Hotels, a chain of hotels with a global presence. At that time, it was believed that the amount of affected guests were up to 500 million. The number has now been more likely to be 383 million records.

The update was released on Friday January 4th 2019. A passage of importance in the released update is:

“When we made this announcement, our work analyzing the data involved was underway. Since that time, we have been working to remove duplicate information and to determine how many records had particular types of data present.

After further data analysis we have identified approximately 383 million records as the upper boundary for the total number of guest records that were involved in the incident. This does not, however, mean that information about 383 million unique guests was involved, as in many instances, there appear to be multiple records for the same guest. We concluded with a fair degree of certainty that information for fewer than 383 million unique guests was involved, although the company is not able to quantify that lower number because of the nature of the data in the database.”

After proper investigation, the Marriott team has come to some conclusions pertaining to the data involved during the breach. It has been observed that approximately 8.6 million unique payment card numbers were among the data and they were all encrypted. In addition, about 5.25 million unique unencrypted passport numbers and approximately 20.3 million encrypted passport numbers were included. The overall drop from 500 million to 383 million records may be impressive, but it still won’t offer much comfort to those affected. Who knows? Maybe these numbers are still subject to change.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients