Rippleshot Blog

Marriott Breach Update: Encrypted Credit Cards Impacted

Posted by Anna Kragie on Jan 4, 2019 1:19:05 PM

The latest report to come out of the Marriott data breach was a mixed bag of good news, bad news. The good news?The breach doesn't appear to have impacted as many people as originally thought. The bad news? An estimated 5.25 million unencrypted passport numbers, along with an estimated 8.6 million encrypted credit cards were stolen.

From what's been publicly reported, of those estimated 8.6 million credit cards, all but 354,000 were expired. It's believed that  2,000 unencrypted card numbers may have been stolen as part of the data breach. The even more damaging news from the company is about the massive amount of passport numbers that are suspected to have been stolen. Another 20.3 million encrypted passport numbers were stolen, but reports indicate that data from those passports was likely not fully compromised. 

Marriott officials said Friday (Jan. 4) that the estimated number of guests impacted is closer to 383 million consumers, which is down from the originally estimated 500 million. 

“It boggles the mind,” Mark Weatherford, former deputy undersecretary for cybersecurity at the Department of Homeland Security, told NBC News in an interview. “Why was 20 percent of their sensitive passport data unencrypted?”

“This is not simply credit card information that is easily changed,” Weatherford said. “This is incredibly sensitive and personal identification information that can be abused.”

The FBI is currently investigating the data breach as it's believed the hackers were working for the Chinese Ministry of State Security. It’s been reported that this breach dates back to 2014 and was not detected until September 10, 2018. According to the FTC, Impacted properties include: Starwood brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Le Méridien Hotels & Resorts, and other hotel and timeshare properties. 

Within that scope, the breach is believed to have given hackers access to names, addresses, phone numbers, email addresses, passport numbers, birthdates, gender, Starwood loyalty program account information and reservation details. Marriott has indicated they will pay for replacement passports for impacted consumers.