In early December, I wrote about the Marriott Data Breach that potentially affected approximately 500 million customers. There was speculation that the breach was carried out by Chinese hackers over some years. Marriott has been working with internal and external investigation teams to pinpoint the nature of the hack and to identify the total amount of information compromised. Marriott has released an update to the breach.
Marriott stated that the number of guests’ information compromised is closer to 380 million rather than the 500 million initially reported. Of those 380 million, some guests information may have been accessed more than once, which will bring down the total unique guests affected.
The company also believes that over 5 million unencrypted and 20 million encrypted passport numbers were accessed. Marriott will soon have a mechanism in place for guests to see if their unencrypted passport numbers were included in the batch.
As it pertains to credit cards, Marriott believes that approximately 350 thousand encrypted payment were involved in the incident. Marriott does not think any of the cards were decrypted, which is good news.
Marriott phased out the affected Starwood reservation database at the end of 2018. Guests should go to info.starwoodhotels.com for more information.

Final Word
While I appreciate Marriott for being transparent by releasing the findings, it does not reduce my apprehension when it comes to future sharing my personal information. I understand that it is needed, but at what cost? We have now seen data breaches from Marriott, Sonic, Equifax, and Cathay Pacific over the past year. This should be alarming to everyone. I suggest that all consumers put a fraud alert on their credit report. If you are military, add an active duty alert as well.