Marriott says data breach impacted fewer guests, but millions of passport numbers were exposed

Marriott International announced Friday that fewer guests were impacted by a breach of its Starwood reservations database than originally announced, but that millions of unencrypted passport numbers were accessed.

The chain said in a release that it now believes as many as 383 million records were accessed in the hack, but noted that some of those records were repeats impacting the same guests. That's down from the 500 million guests originally believed to be impacted by the hack.

ADVERTISEMENT

However, Marriott said that roughly 5.25 million unencrypted passport numbers were obtained by hackers, as well as 20.3 million encrypted passport numbers.

And about 8.6 million encrypted debit and credit cards were accessed by a third party, with about 354,000 of those cards not having expired by September of last year.

Marriott noted that there is no evidence that the hackers were able to decrypt the encrypted passport and payment card numbers.

Organizations will often lower the number of the parties impacted in a breach after investigating the hack further.

Marriott's disclosure of the massive breach late last year quickly sparked calls for a federal privacy standard.

Congress is expected to take up privacy legislation in the coming months, including bills from Sen. Brian SchatzBrian Emanuel SchatzSchumer seeks focus on health care amid impeachment fever CNN catches heat for asking candidates about Ellen, Bush friendship at debate NBA draws bipartisan backlash over China response MORE (D-Hawaii) and Sen. Joe KennedyJoseph (Joe) Patrick KennedyOcasio-Cortez taps supporters for donations as former primary opponent pitches for Kennedy The 13 House Democrats who back Kavanaugh's impeachment Rep. Joe Kennedy has history on his side in Senate bid MORE (R-La.).