Daily Management Review

Passport Numbers Of 5 Million Customers Hacked: Concedes Marriott


Passport Numbers Of 5 Million Customers Hacked: Concedes Marriott
While claiming that the most recent data breach from its servers by hackers was not as severe as had been feared earlier, Marriott International conceded on Friday that the passport numbers for roughly five million guests were not encrypted by its Starwood hotel unit. The identified passport numbers were lost to the hackers and many believe that the hack was the handiwork of Chinese intelligence agencies.
Back in November when the breach was first reported by Marriot, the company had expressed fears that personal data of more than 500 million guests may have been hacked from its database that stores reservation data at the Starwood hotel which had been acquired by hotel chain Marriot. But back in November, the company had said that the number was a stated as a worst case scenario since millions of duplicate records were also included in it.
The total number of guest reservations records lost was identified to be “approximately 383 million records as the upper limit” after data analysis was conducted by forensic analysts, the company said on Friday. The company however said that it had not clue about who had carried out the attack while also assuring that the number could drop more in the future because of elimination of more duplicate records are identified over time. despite the lower figures, the revised figure is still the largest loss in history and is greater than the numbers hacked in the incident on Equifax – the consumer credit-reporting agency which had claimed that driver’s license and Social Security numbers of about 145.5 million Americans had been stolen. That incident resulted in the sacking of the company’s chief executive and a huge dent of public confidence in the company.
The hacking on the Starwood server has assumed importance because of the loss of passport numbers which could be used to track people who cross borders by an intelligence service. This assumption assumed importance in this case because in December, The New York Times had reported that the hacking was possibly the handiwork of Chinese intelligence gathering services which had been attempting since 2014 to gather personal data of millions of Americans and started off with the hacking of millions of American’s security clearance files from the American health insurers and the Office of Personnel Management.
On the overall, the latest cyber attack is being viewed to a part of a larger effort of China’s Ministry of State Security to get together a huge database of Americans and others who are positioned in sensitive offices or other industries and such information includes the placed where they worked, names of their colleagues, foreign contacts and friends, and their places of travel.
“Big data is the new wave for counterintelligence,” James A. Lewis, a cyber security expert who runs the technology policy program at the Center for Strategic and International Studies in Washington, said last month.
Possession of any knowledge about the Marriott attack has been denied by Chinese authorities. “China firmly opposes all forms of cyber attack and cracks down on it in accordance with the law,” Geng Shuang, a spokesman for its Ministry of Foreign Affairs, had said in December. “If offered evidence, the relevant Chinese departments will carry out investigations according to the law,” the spokesman added.