Hospitality giant Marriott has announced that approximately 5.25 million unencrypted passport numbers were included in the information accessed during a data breach of its Starwood Hotel brand last year.
According to the hotel brand the information accessed also includes approximately 20.3 million encrypted passport numbers, but added that there is no evidence that the unauthorised third party accessed the master encryption key needed to decrypt the encrypted passport numbers.
The group said it is putting in place a mechanism to enable its designated call center representatives to refer guests to the appropriate resources to enable a look up of individual passport numbers, allowing guests to see if they were included in this set of unencrypted passport numbers.
On 8 September 2018, Marriott received an alert from an internal security tool regarding an attempt to access the Starwood guest reservation database in the United States, which potentially exposed the information of about 500 million guests.
However, Marriott learned during the initial investigation that there had been unauthorised access to the Starwood network since 2014. At the time, Arne Sorenson, Marriott’s president and CEO said: “We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.
“Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve.”