Marriott hack update: Hotel now admits hackers got passport numbers

The Marriott hotel chain today said that a smaller number of customers were affected by a recent hack than initially estimated, but admitted that the hackers got customer passport numbers.

The hotel chain said in a statement early Friday that the number of guests involved in the data breach is lower than the original estimate of 500 million, but declined to say how many were in fact affected.

Security analysts are warning those affected that the passport data could be used to perpetrate more sophisticated forms of attack, including foreign intelligence surveillance, and could enable perpetrators to mine deeper information about each of the breach victims.

From the Wall Street Journal:

Marriott International Inc. said fewer customers were affected in a massive data breach than initially feared but confirmed that hackers had compromised the passport numbers of millions of people in what security analysts have described as a potential foreign-intelligence gold mine.

Marriott, the world's largest hotel company, disclosed in November that a hack in the reservation database for its Starwood properties may have exposed the personal information of up to 500 million guests.

Marriott said a total of about 383 million records was "the upper limit" for the number potentially compromised in the incident. That figure includes passport numbers, email addresses and payment-card data of some guests, the company said. Marriott said that in many instances, there appear to be multiple records for the same guest, meaning that it is unlikely 383 million people were affected.