Marriot data breach impact lowered after forensics.
Marriott has lowered its estimate on the number of guests whose passport numbers and payment card data were impacted in its recent data breach. The hospitality company confirmed in November that there had been unauthorized access to its Starwood guest reservations database from 2014 up to September 2018, it said that up to 500 million guests were potentially impacted. After de-duping the information, Marriott revised the number and stated that 383 million records were involved in the incident, with multiple records associated to the same individual in many cases.
5.25 million unencrypted passport numbers were included in the breach, along with 20.3 million encrypted passport numbers. What that means is that 5.25 million individuals are essentially exposed to cybercrime and economic espionage. The lines between the physical world and cyberspace are blurring as computer intelligence gathering and human intelligence-gathering merges. The Chinese can now track individuals as they travel and leverage physical and cyber assets to spy on them. This breach is the tipping point that the new Congress may use to mandate federal data breach reporting.
About 8.6 million encrypted payment cards were also were also included in the breach, with 354,000 payment cards that the hotel chain said were unexpired as of September 2018. Marriott also said that it believes that there may be fewer than 2,000 15-digit and 16-digit numbers that guests may have entered into other fields in the input form that might be unencrypted. Marriot stated that they want to provide their customers and partners with updates based on their ongoing work to address this incident as they try to understand as much as we possibly can about what happened. As Marriot near the end of the cyber forensics and data analytics work, the company stated that it has taken its Starwood reservation system offline and migrated all reservations to a separate in-house Marriott system.