Marriott cuts estimate on size of massive Starwood hack
(Reuters) — Marriott International Inc. on Friday said fewer than 383 million customer records were stolen in a massive cyberattack disclosed last month, down from its initial estimate that up to 500 million guests were affected.
The hotel operator also said that some 25.55 million passport numbers were stolen in the attack on the Starwood Hotels reservation system, 5.25 million of which were stored in plain text. Another 8.6 million encrypted payment cards were also taken in the attack, it said.
Marriott previously confirmed that passport numbers and payment cards were taken, but did not said how many.
The company disclosed on Nov. 30 that it had discovered its Starwood hotels reservation database had been hacked over a four-year period in one of the largest breaches in history. At least five U.S. states and the U.K.’s Information Commissioner's Office are investigating the attack.
Marriott also said it had completed an effort to phase out the Starwood reservations database that it acquired in September 2016 with its $13.6 billion purchase of Starwood. The hack began in 2014, a year before Marriott offered to buy Starwood.
Read Next
-
Starwood hotel chain reports monthslong data breach
Starwood Hotels & Resorts Worldwide Inc. said Friday the point of sale systems at 26 of its hotels in the United States and Canada were infected with malware, which permitted access to some of its customers' payment card data for various periods between November 2014 and June 2015.
Related Stories
-
-
Marriott’s Starwood database hacked, 500 million guests may be affected
-
-
Direct cyber incident losses from Marriott breach up to $600M: AIR
