Marriott International Inc. said on Friday that fewer than 383 million customer records were stolen in a massive cyber attack disclosed last month, down from its initial estimate that up to 500 million guests were affected.
The hotel operator also said that some 25.55 million passport numbers were stolen in the attack on the Starwood Hotels reservation system, 5.25 million of which were stored in plain text. Another 8.6 million encrypted payment cards were also taken in the attack, it said.
Marriott previously confirmed that passport numbers and payment cards were taken, but not said how many.
The company disclosed on Nov. 30 that it had discovered its Starwood hotels reservation database had been hacked over a four-year period in one of the largest breaches in history. At least five U.S. states and the UK’s Information Commissioner’s Office are investigating the attack.
Marriott also said that it had completed an effort to phase out the Starwood reservations database that it acquired in September 2016 with its $13.6 billion purchase of Starwood. The hack began in 2014, a year before Marriott offered to buy Starwood.
(Reporting by Jim Finkle in New York; editing by Grant McCool)
- AIR Estimates Marriott Cyber Breach Direct Losses Could Reach $600 Million
- Doubts About Hotel Industry Cyber Security Pre-Date Marriott Hacking
- Marriott CFO Says Too Early to Estimate Cyber Breach Costs
- Marriott Starwood Data Breach Highlights Silent Cyber Risk in Acquisitions
- Marriott Starwood Assessing Impact of 4-Year Long Data Breach
Was this article valuable?
Here are more articles you may enjoy.