Marriott Concedes 5 Million Passport Numbers Lost to Hackers Were Not Encrypted
Source: New York Times
Marriott Concedes 5 Million Passport Numbers Lost to Hackers Were Not Encrypted
By David E. Sanger
Jan. 4, 2019
WASHINGTON Marriott International said on Friday that the biggest hacking of personal information in history was not quite as big as first feared, but for the first time conceded that its Starwood hotel unit did not encrypt the passport numbers for roughly five million guests. Those passport numbers were lost in an attack that many outside experts believe was carried out by Chinese intelligence agencies.
When the attack was first revealed by Marriott at the end of November, it said that information on upward of 500 million guests may have been stolen, all from the reservations database of Starwood, a major hotel chain Marriot had acquired. But at the time, the company said that the figure was a worst-case scenario because it included millions of duplicate records.
On Friday the firm said that teams of forensic and data analysts had identified approximately 383 million records as the upper limit for the total number of guest reservations records lost, though the company still says it has no idea who carried out the attack, and it suggested the figure would decline over time as more duplicate records are identified. The revised figure is still the largest loss in history, greater than the attack on Equifax, the consumer credit-reporting agency, which lost the drivers license and Social Security numbers of roughly 145.5 million Americans in 2017, leading to the ouster of its chief executive and a huge loss of confidence in the firm.
What made the Starwood attack different was the presence of passport numbers, which could make it far easier for an intelligence service to track people who cross borders. That is particularly important in this case: In December, The New York Times reported that the attack was part of a Chinese intelligence gathering effort that, reaching back to 2014, also hacked American health insurers and the Office of Personnel Management, which keeps security clearance files on millions of Americans.
-snip-
Read more:
https://www.nytimes.com/2019/01/04/us/politics/marriott-hack-passports.html