It’s estimated that 15.4 million Americans were victims of identity fraud in 2016, but the hotel chain Marriott blew that number out of the water back in November when they admitted a security breach exposed the information of nearly 500 million reservations.
After further investigation, Marriott recently revealed that the number of reservations exposed is closer to 383 million. This information includes such information as consumer names, addresses, emails, phone numbers, passport information, gender, and reservations.
Luckily, these were only 383 million reservations exposed, not unique individuals. This implies that the number of people who had their information compromised is likely lower than expected.
“We concluded with a fair degree of certainty that information for fewer than 383 million unique guests was involved, although the company is not able to quantify that lower number because of the nature of the data in the database,” Marriott notes in its new data breach notification.
“This does not, however, mean that information about 383 million unique guests was involved, as in many instances, there appear to be multiple records for the same guest,” they clarified.
But this isn’t the worst of it. Marriott revealed a breach of almost5.3 million unencrypted passports, along with 20.3 million encrypted passport numbers.
Additionally, Marriott claimed the cybercriminals stole 8.6 million encrypted numbers for credit cards, though 354,000 of these cards expired back in September.
Hackers launched the cyber attack at Marriott’s newly acquired Starwood Hotels database. The chain claims that they will be phasing out the Starwood Reservations system, instead relying on the Marriott database for the foreseen future of the merger. According to reports, Marriott officially ceased using the Starwood Reservations system at the start of the new year.
It’s estimated that cybercrime damage and costs will hit an expected $6 trillion by the time we reach 2021. As hackers find new ways to access consumer data, it’s more important now than ever that companies protect the sensitive information of their consumers.
Marriott will be held responsible for the cost of new passports for affected individuals as long as the individual can prove that a fraud occurred. They have also taken measures to email individuals whose accounts have been breached by establishing breach call centers in 55 countries and regions.
The investigation is scheduled to continue as Marriott tries to pin down the source of the attack.
For now, investigators and some government officials think hackers from China may have been behind the security breach. United States Secretary of State Mike Pompeo is one of the government personnel who support this theory. However, Chinese officials claim the source of the attack did not come from within the state.