As the company has learned more from the ongoing investigation into the matter, they’ve been doing an admirable job at keeping the public updated, even if the details are cringe-worthy.
According to the latest information, the breach of the Starwood Preferred Guest database impacted up to 383 million travelers, which is fewer than the company’s initial estimate of up to 500 million. Unfortunately, that’s the only bit of good news.
While the company initially downplayed the amount of information that was taken, they’re now saying that both credit card numbers and expiration dates were compromised. They underscored that the data was encrypted, but they also admit that they don’t yet know if the components needed to de-crypt the data in a timely fashion were also compromised. Even if they weren’t, a determined hacker could still de-crypt the information, putting every one of those card numbers at risk.
On top of that, the company has now confirmed that as many as 5.25 un-encrypted passport numbers were taken, along with more than twenty million encrypted passport numbers.
If you’re just hearing about this breach for the first time, the above is in addition to the company’s initial report that more than 327 million guests had non-payment information stolen.
The initial report included:
- Customer name
- Phone numbers
- Email addresses
- Dates they stayed at Marriott hotels, along with departure dates
- SPG account information
- Date of birth
- Other Similar Data
In short, before the most recent update, it was a serious breach by any definition. The inclusion of payment and passport information makes it even more so, even if the total number of impacted users is less than was originally estimated.
We’ll post further updates if and as they become available.