Marriott Breach: Unencrypted Passport Numbers, Payment Cards Leaked

Marriott Breach: Unencrypted Passport Numbers, Payment Cards Leaked

Marriott's mega-breach is somehow better, and worse.

Marriott International says its recently discovered mega-breach wasn't quite as bad as it first advertised. Marriott originally estimated that the breach exposed information of 500 million customers, but now believe only 383 million people were affected. 

"We concluded with a fair degree of certainty that information for fewer than 383 million unique guests was involved, although the company is not able to quantify that lower number because of the nature of the data in the database," Marriott said in its revised data breach notification.

Marriott also says that its breach investigation now counts 25.6 million passport numbers being exposed in the breach, of which 5.25 million were unencrypted. 

"There is no evidence that the unauthorized third party accessed the master encryption keys needed to decrypt the encrypted passport numbers," Marriott said, but that doesn't mean that the hackers couldn't later brute-force their way in.

Also exposed in the breach was approximately 8.6 million encrypted payment cards that were being stored by Marriott. If attackers were able to decrypt the card data, they could have been using the stolen card data since 2014 to commit fraud.

By the time the breach was discovered, Marriott said the majority of the payment cards were expired. Only 354,000 were still active as of September 2018. As with the passport data, Marriott has no reason to believe the third party accessed the encryption key needed to access the payment cards.

Back in December of 2018, the Marriott announced a breach of its Starwood guest reservation database. The information accessed included some combination of a name, mailing address, phone number, email, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation data and communication preferences.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

  • Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

    Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now

  • Axis Communications Creates AI-powered Video Surveillance Orchestra

    What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX
  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.