November 21, 2019

November 21, 2019

Subscribe to Latest Legal News and Analysis

November 20, 2019

Subscribe to Latest Legal News and Analysis

November 19, 2019

Subscribe to Latest Legal News and Analysis

Marriot Hotel Reveals Further Details About Records Impacted by Data Breach; Revises Down Number of Affected Records

Late last year the Marriott Hotel announced that it had suffered a data breach, which affected approximately 500 million guests who made a hotel reservation using its Starwood reservation system. Details about the data breach can be found in our previous blog.

The Marriott has now advised that it believes as many as 383 million records were accessed in the data breach. While this number has been revised down from the initial assessment of 500 million records, the Marriott believes approximately 5.25 million unencrypted passport numbers, 20.3 million encrypted passport numbers and 8.6 million encrypted debit and credit card numbers were obtained by hackers. So far the Marriott believes the hackers have not gained access to the master encryption key needed to decrypt the encrypted passport numbers or payment card numbers.

It is not unusual for a company to revise the size of a data breach it has suffered after further investigations into the data breach have been completed. Nevertheless, 383 million records impacted by the breach is still a significant number, especially when some of those records contain unencrypted identity information. The Marriott has advised guests that it will put a process in place for guests to look up whether their passport number was one of the unencrypted passport numbers, which is worth checking once the process is up and running if you have received a notification from the Marriott about the breach.

Copyright 2019 K & L Gates


About this Author

Warwick Andersen Technology Lawyer KL Gates

Mr. Andersen is a senior corporate lawyer with a focus on commercial, technology and sourcing projects. He has advised on large scale outsourcing projects, technology agreements for both vendors and customers, corporate support, privacy and telecommunications regulatory work. He has acted for government departments, large listed companies, telecommunications companies and technology suppliers.

Rob Pulham, KL Gates, Corporate technology requirements lawyer, contracts drafting attorney
Senior Associate

Mr. Pulham is a corporate and commercial lawyer. His practice includes advising clients in managing their technology requirements and contracts (including drafting, review and negotiation of contracts for the provision of technology products and services), providing advice regarding privacy, data protection and copyright law, marketing and advertising, website content and general commercial intellectual property advice.

Mr. Pulham's experience includes having worked for leading technology suppliers, large Australian financial institutions, and food and beverage manufacturers, as well as Australian and Victorian government agencies.

Keely O'Dowd, K&L Gates, attorney, Melbourne

Ms. O'Dowd is an experienced lawyer with a focus on technology and sourcing projects. She advises on a broad range of technology transactions, including procurement, outsourcing and software licensing. This work includes drafting and advising on a range of IT procurement and supply agreements. Ms. O'Dowd advises a range of corporations on privacy and cybersecurity.