starwood marriott cybersecurity

Marriott Concedes 5 Million Passport Numbers in the Hands of Hackers Unencrypted

Marriott’s data breach was deemed as the largest personal data hack in history, but it was worse than they realized. Recent news revealed that the passport numbers for Starwood hotel guest were not encrypted.

New Disclosure

marriott data breach cybersecurity

In late November, the Starwood guest reservation database was hacked, impacting 383 million guests marking as the largest breach of customer data in history. Marriott recently disclosed that for about 5.25 million guests, passport numbers were left unencrypted and are now in the hands of hackers.

The compromise of those passport numbers has raised alarms among security experts because of their value to state intelligence agencies. The FBI is leading the investigation of the data theft and investigators suspect the hackers were working on behalf of the Chinese Ministry of State Security, the rough equivalent of the CIA.

Unencrypted & Unprotected

marriott data breach cybersecurity

Unencrypted passport numbers are valuable to state intelligence agencies because they can be used to compile detailed summaries on people and their international movements.

“You can identify things in their past that maybe they don’t want known, points of weakness, blackmail, that type of thing,” said Priscilla Moriuchi.

In the case of China, it would allow that country’s security ministry to add to databases of aggregated information on valued individuals. Those data points include information on people’s health, finances, and travel.

By David Botti, Sameen Amin, Aaron Byrd and Jonah M. Kessel
Video Courtesy of New York Times

November News

marriott data breach cybersecurity

The data breach impacted hotel brands operated by Starwood before acquired by Marriott in 2016. The hackers compiled stolen data as they went undetected for four years, including credit card and passport numbers, birthdates, phone numbers, and hotel arrival and departure dates.

The initial estimate of impacted guests was 500 but after further investigation, the overall number of guests is around 383 million. The largest security breach on record.

Original Article Found Here.

  • 1