For years, hackers have been abusing the data of hotel guests of the Marriott Group. Even unencrypted passport numbers were among the stolen data.
The Marriott group’s massive hacking has also resulted in the capture of around 5.25 million unencrypted passport numbers. Marriott said, around 20.3 million encrypted passport numbers have been stolen too .
Stolen passport numbers could be particularly valuable to intelligence agencies, for example from China, because they could allow them to better track travel by government officials or business people, the Wall Street Journal said, citing unnamed American officials.
At the same time, the hotel group slightly decreased the estimated number of affected persons. By the end of November, Marriott had spoken of up to 500 million hotel guests. After an investigation, it was now said that there are a maximum of 383 million guest affected. The real number of people that are affected is currently unpredictable.
The hackers had also captured encrypted information about 8.6 million payment cards. Marriott has no evidence that the attackers have the necessary access to decrypt the information files according to Marriott.
Unauthorized access to the Starwood database has been around since 2014, Marriott said in November. Marriott had bought Starwood and the vulnerability in the database, in 2016 for $13.6. The IT systems of Starwood have now been retired.