cageymaru
Fully [H]
- Joined
- Apr 10, 2003
- Messages
- 22,061
Marriott International has provided an update to the "Starwood" data breach that was initially thought to have affected 500 million of its customers. After "working closely with its internal and external forensics and analytics investigation team" Marriott was able to determine that the number of customers affected is likely to be less than 383 million! The actual number affected is likely less than that as some guests seem to have multiple entries in the database.
Marriott failed to encrypt 5.25 million customer passport numbers that the hackers pilfered, but the other 20.3 million passports were encrypted. Marriott International is confident that the hackers, who are thought to be Chinese government agents, won't be able to decode the files because they would need access to the master encryption key. Marriott says credit card information was encrypted, but some credit card information seems to have been entered in the wrong areas on forms in plain text. This erroneous information lacks encryption, but it only affects less than 2,000 customers. If the company figures out it is indeed credit card information, then steps will be taken to protect the affected customers. Marriott has discontinued the Starwood database and has transitioned all reservations to the Marriott system.
"We want to provide our customers and partners with updates based on our ongoing work to address this incident as we try to understand as much as we possibly can about what happened," said Arne Sorenson, Marriott's President and Chief Executive Officer. "As we near the end of the cyber forensics and data analytics work, we will continue to work hard to address our customers' concerns and meet the standard of excellence our customers deserve and expect from Marriott."
Marriott failed to encrypt 5.25 million customer passport numbers that the hackers pilfered, but the other 20.3 million passports were encrypted. Marriott International is confident that the hackers, who are thought to be Chinese government agents, won't be able to decode the files because they would need access to the master encryption key. Marriott says credit card information was encrypted, but some credit card information seems to have been entered in the wrong areas on forms in plain text. This erroneous information lacks encryption, but it only affects less than 2,000 customers. If the company figures out it is indeed credit card information, then steps will be taken to protect the affected customers. Marriott has discontinued the Starwood database and has transitioned all reservations to the Marriott system.
"We want to provide our customers and partners with updates based on our ongoing work to address this incident as we try to understand as much as we possibly can about what happened," said Arne Sorenson, Marriott's President and Chief Executive Officer. "As we near the end of the cyber forensics and data analytics work, we will continue to work hard to address our customers' concerns and meet the standard of excellence our customers deserve and expect from Marriott."