Hackers didn’t affect as many Marriott customers as initially thought last November in the company’s massive data breach, but the considerable information they got was significant.
Marriott, on Friday, issued an update on its investigation, saying it now believes the hackers accessed as many as 383 million records, instead of the initial estimate of 500 million.
Crucially, included among the compromised data were 5.25 million unencrypted passport numbers.
While the same hackers also stole 20.3 encrypted passport numbers and 8.6 million encrypted debit and credit cards, Marriott says it has no evidence the thieves were able to decrypt that information.
The company says it is in the process of setting up a method for guests to look up whether a passport number has been compromised. Marriott already created a dedicated website and call center about the data base hack.
The company has previously said it will reimburse the cost of new passports for people affected by the breach.
Marriott only learned of the data theft on Nov. 19, after hackers had accessed records since 2014.
Marriott brands involved in the incident include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest (SPG) program, as well as Starwood-branded timeshare