Marriott cuts size on estimate of scale of hack

Marriott says 25 million passport numbers were stolen 5.25 million were unencrypted

On the other hand, the hackers were in Marriott's systems from 2014 to that date, so many of those cards were likely active during the database infiltration, we reckon. It was through that investigation that the company found that the initial estimate of those affected was higher than the actual number of customers who had their information exposed.

The company also now believes the hackers stole around 8.6 million encrypted payment card details, some 354,000 of which are expired.

Arne Sorenson, chief executive of Marriott, said: "We want to provide our customers and partners with updates based on our ongoing work to address this incident as we try to understand as much as we possibly can about what happened".

"Marriott has identified approximately 383 million records as the upper limit for the total number of guest records that were involved in the incident", the hotel chain said today.

Originally Marriott estimated that there were 500 million guests who had their information compromised but is now saying that more than 383 million records were actually involved. Because the system, it said, occasionally generates multiple records for a single guest, what the company really disclosed on Friday is that, as of right now, it basically has no idea how many people have actually been affected. This data was encrypted, the company says, and no evidence has yet surfaced to suggest the decryption keys were stolen. Of those, 354k of the cards were still unexpired by September 2018.


"There is no evidence that the unauthorized third party accessed either of the components needed to decrypt the encrypted payment card numbers", according to Marriott.

Finally, Marriott now believes around 8.6 million encrypted payment cards were impacted by the data breach.

Last but not least, Marriott said it also discovered cases where users accidentally entered their payment card numbers into the wrong reservation fields, meaning these numbers weren't encrypted, and are still accessible to hackers in cleartext. Marriott will soon enable customers to access "resources" to see whether their passport numbers were exposed. The US call center number is 1-877-273-9481. This occurred before Marriott and Starwood merged, and Marriott officials said the company has now taken the Starwood database offline and all reservations now flow through the Marriott system.

Marriott has established a dedicated website (https://info.starwoodhotels.com) and call center to answer questions guests may have about this incident. The frequently asked questions on https://info.starwoodhotels.com have been updated and may be further supplemented from time to time.

Related:

Comments

Latest news

Christian Pulisic Says Chelsea Style Played Role in Transfer Decision
Borussia Dortmund enjoyed a stunning first half of the season and now hold a six point cushion over rivals Bayern Munich. Pulisic said , "There is a feeling in the team this year that really great things can happen".

Ford Recalls Nearly 1 Million Vehicles Due To Faulty Airbag Inflator
But the automaker is recommending vehicle owners get to dealers as soon as possible for their replacement airbag, which is free. Ford says that they are now aware of any injuries associated with the passenger side frontal inflators included in this recall.

Kuldeep Can be a Real Factor for India in Overseas Tests: Kalra
The only question is whether Australia will salvage a draw on Monday or the tourists will complete a crushing 3-1 series victory. Australia won the second test in Perth by 146 runs.

LG’s 88-inches 8K OLED TVs Range for 2019 Announced
Furthermore, all 2019 OLED TVs and selected NanoCell TVs with ThinQ AI will support high frame rate (HFR) through HDMI 2 .1. While the addition of HDMI 2 .1 has huge benefits, users will need new cables to take advantage of all the new additions.

Ed Sheeran to face USA jury over Marvin Gaye plagiarism allegation
The lawsuit states: "The defendants copied the "heart" of "Let's" and repeated it continuously throughout "Thinking". The same judge is also presiding over another lawsuit brought against Sheeran in June 2018 for the same song.

Other news