Click For Photo: https://regmedia.co.uk/2018/04/25/keycard.jpg
Hotel megachain Marriott International has gone into further detail on the cyber-raid on its reservation database, including the number of payment cards and passport details siphoned off by hackers.
In an update today to its November 30 disclosure, Marriott now says the (allegedly Chinese) miscreants who broke into its Starwood guest database made off with a total of 5.25 million unencrypted passport numbers and 20.3 million encrypted numbers.
Passport - Numbers - Information - Numbers - Names
While the passport numbers would be considered sensitive personal information that should not be made public, the numbers and names of guests alone would not be enough for a criminal to create a forged passport. Still, Marriott will be covering the cost for anyone who has had to get a new passport as a result of the data theft.
In addition to the passport numbers, Marriott says the criminals made off with 8.6 million encrypted payment card numbers. While there would be the chance for fraud should those numbers be decrypted, most would be useless by now as, according to Marriott, all but 354,000 of the lifted numbers were expired by September 2018, which was when the heist was discovered. On the other hand, the hackers were in Marriott's systems from 2014 to that date, so many of those cards were likely active during the database infiltration, we reckon.
Evidence - Party - Components - Payment - Card
"There is no evidence that the unauthorized third party accessed either of the components needed to decrypt the encrypted payment card numbers," Marriott said in its statement.
If there is some good news to be had for Marriott, it is that the total number of stolen records is a bit...
Wake Up To Breaking News!
The only change you ever get from the goverment is what's in your pocket, and worth less every day.