Marriott says fewer guests affected in Starwood hack

Hospitality giant Marriott said less people than originally anticipated were affected by a breach of its Starwood Hotels reservation system. Shares rose on Friday in reaction.

While initial estimates from the company pegged affected customers of the hack – disclosed in November – at as many as 500 million guests, Marriott said on Friday it had identified a new “upper limit” of 383 million people. However, the company said that number is likely still too high because it counts multiple compromised records belonging to a single guest.

However the company also disclosed that unencrypted passport numbers of 5.25 million people were accessed by hackers, along with potentially 20.3 million encrypted passport numbers.

Passport information could be particularly valuable to nefarious foreign actors because it could give away travel data for businesspeople and government officials, as reported by The Wall Street Journal.

The company said on Friday it is putting together a system for guests to check whether their passport information has been compromised.

In addition to passports, other breached data potentially includes names, mailing addresses, phone numbers, email addresses and birth dates. More than 8 million encrypted payment cards were involved in the hack.

The breach affected guests who made a reservation at a Starwood property on or before Sept. 10. The company reported the incident to law enforcement on Nov. 19 and reported it to the public on Nov. 30.

The investigation is ongoing.

Marriott completed a purchase of Starwood for $13.6 billion in Sept. 2016. The hack is said to have begun in 2014.