<div dir="ltr"><div dir="ltr"><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><a href="https://www.washingtonpost.com/technology/2019/01/04/marriott-hackers-accessed-more-than-million-passport-numbers-during-novembers-massive-data-breach/">https://www.washingtonpost.com/technology/2019/01/04/marriott-hackers-accessed-more-than-million-passport-numbers-during-novembers-massive-data-breach/</a><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><b><span style="font-size:10pt"></span></b><span style="font-size:10pt"></span><span style="font-family:arial,helvetica,sans-serif"></span><br></div></div><div dir="ltr"><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">Marriott International, the world’s largest hotel company, said Friday that millions of passport numbers were accessed in a data breach that was first announced in November.</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">Marriott revealed for the first time, <a href="http://news.marriott.com/2019/01/marriott-provides-update-on-starwood-database-security-incident/" style="box-sizing:border-box;margin:0px;padding:0px;font-size:18.92px;vertical-align:baseline;background:transparent;text-decoration-line:none;color:rgb(44,108,180);border-bottom:1px solid rgb(213,213,213)">in a statement posted online</a>, that hackers accessed approximately 5.25 million unencrypted passport numbers. The attack resulted in an additional 20.3 million encrypted passport numbers being swiped, but there is no evidence that the hackers were able to decrypt the data, the statement said.</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">Translated into another code, only available to those with access to a digital key, encrypted data is harder for hackers to obtain and considered more protected, according to experts.</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">Marriott also said that the breach affected an estimated 383 million “unique guests,” down from the original estimate of 500 million given when the company said in November that its Starwood guest reservations database had been penetrated by hackers.</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">The Bethesda-based hotel chain said it updated its figures following the work of a “forensics and analytics investigation team.”</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">“We want to provide our customers and partners with updates based on our ongoing work to address this incident as we try to understand as much as we possibly can about what happened,” said Arne Sorenson, Marriott’s president and chief executive, according to the company’s statement. “As we near the end of the cyber forensics and data analytics work, we will continue to work hard to address our customers’ concerns and meet the standard of excellence our customers deserve and expect from Marriott.”</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">Despite a decrease in the estimated number of affected customers, the Marriott breach remains among the largest data heist in history, <a href="https://www.apnews.com/2e2f9aad21fc4fdd87b7852e5db2327f" style="box-sizing:border-box;margin:0px;padding:0px;font-size:18.92px;vertical-align:baseline;background:transparent;text-decoration-line:none;color:rgb(44,108,180);border-bottom:1px solid rgb(213,213,213)">according to the Associated Press</a>. The data of more than 140 million Americans was exposed <a href="https://www.washingtonpost.com/business/technology/equifax-hack-hits-credit-histories-of-up-to-143-million-americans/2017/09/07/a4ae6f82-941a-11e7-b9bc-b2f7903bab0d_story.html?utm_term=.6c857da883eb" style="box-sizing:border-box;margin:0px;padding:0px;font-size:18.92px;vertical-align:baseline;background:transparent;text-decoration-line:none;color:rgb(44,108,180);border-bottom:1px solid rgb(213,213,213)">when Equifax was hacked in 2017</a>, and 40 million customers had their credit card information <a href="https://www.washingtonpost.com/local/public-safety/hacker-linked-to-target-data-breach-gets-14-years-in-prison/2018/09/21/839fd6b0-bd17-11e8-b7d2-0773aa1e33da_story.html?utm_term=.a3abf2ea1cb8" style="box-sizing:border-box;margin:0px;padding:0px;font-size:18.92px;vertical-align:baseline;background:transparent;text-decoration-line:none;color:rgb(44,108,180);border-bottom:1px solid rgb(213,213,213)">stolen from Target by hackers in 2013</a>.</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">The compromised passport numbers represent a fraction of the total data stolen by hackers, according to the company’s latest figures.</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)"><a href="https://www.washingtonpost.com/technology/2018/11/30/what-you-should-do-after-marriott-data-breach/?utm_term=.6e2fde113013" style="box-sizing:border-box;margin:0px;padding:0px;font-size:18.92px;vertical-align:baseline;background:transparent;text-decoration-line:none;color:rgb(44,108,180);border-bottom:1px solid rgb(213,213,213)">As Hamza Shaban reported in November</a>, the hackers — who gained access to Marriott records Nov. 19 — were able to access names, addresses, phone numbers and email addresses, as well as loyalty program account information, dates of birth, gender and reservation information.</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">“Marriott now believes that approximately 8.6 million encrypted payment cards were involved in the incident,” the company statement said Friday, adding that 354,000 of those cards were unexpired as of September.</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">The company also said that while “there is no evidence that the unauthorized third party accessed either of the components needed to decrypt the encrypted payment card numbers,” it cannot rule out the possibility.</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">The FBI is overseeing the investigation into the data breach, which experts suspect was directed by the Chinese Ministry of State Security, according to AP.</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">Chinese government officials <a href="http://www.wionews.com/world/china-denies-role-in-marriott-hacking-case-182014" style="box-sizing:border-box;margin:0px;padding:0px;font-size:18.92px;vertical-align:baseline;background:transparent;text-decoration-line:none;color:rgb(44,108,180);border-bottom:1px solid rgb(213,213,213)">have denied</a> involvement in the attack and promised to carry out an investigation if they’re offered evidence of wrongdoing, <a href="https://www.reuters.com/article/us-marriott-intnl-cyber-china-exclusive/exclusive-clues-in-marriott-hack-implicate-china-sources-idUSKBN1O504D" style="box-sizing:border-box;margin:0px;padding:0px;font-size:18.92px;vertical-align:baseline;background:transparent;text-decoration-line:none;color:rgb(44,108,180);border-bottom:1px solid rgb(213,213,213)">according to Reuters</a>.</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">Priscilla Moriuchi — an analyst with Recorded Future who worked for the National Security Agency until 2017 — told AP that unencrypted passport numbers are particularly useful for tracking people’s movements and learning about their history.</p><p style="box-sizing:border-box;margin:4px 0px 18px;padding:0px;border:0px;outline:0px;font-size:18.92px;vertical-align:baseline;background:transparent;font-family:Georgia,Times,"Times New Roman",serif;color:rgb(17,17,17)">“You can identify things in their past that maybe they don’t want known, points of weakness, blackmail, that type of thing,” she said.</p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>