Updated info: 5 million unencrypted passport numbers were stolen in Starwood hotel data breach

published on 2019/01/05

Marriott, which owns hotel chain giant Starwood, said it has revised the number of customers affected by its recently disclosed data breach from 500 million to “fewer than 383 million unique guests.” That doesn’t mean all those 383 million guests are affected, Marriott said, but the hotel giant still can’t yet give a more precise number of customers whose data was stolen.

The bad news is that the company confirmed that more than five million unencrypted passport numbers were stolen, on top of the more than 20 million encrypted passport numbers.


The Marriot security breach was first reported in November 2018 and the information that has resulted from further investigation from the breach has gotten worse.

Security is a hard problem. It is also highly critical because it contains private information entrusted by customers to organizations. Unfortunately that the security aspect of creating and operating a system has not been given priority by many organizations. Features and schedule are still given the most priorities in many project planning.

The worse is that many smaller organizations do not have the capacity to regularly monitor their systems to detect breach into their systems. There are a lot of breaches that we don't know about.

In a way it is good that we see more frequent and broad coverage of security breaches. It has been underreported for a long time. Organizations need to be informed on the critical importance of development and operational security on their systems.