Marriott Data Breach Smaller Than Initially Reported

January 4, 2019, Written By John H. Oldshue
Marriott Data Breach Smaller Than Initially Reported

After both internal and external investigations, Marriott claims the Starwood data breach affected a smaller number of guests than initially reported. The original reports estimated that 500 million records were impacted by the breach, but that number has been lowered to 383 million.

The database contained multiple records for some guests, so the number of unique users affected is actually even lower than 383 million. Marriott was unable to provide an exact amount of affected parties.

The data breach occurred in 2014, so some of the stolen information has now expired. For instance, 8.6 million payment cards were involved with the breach, but only 354,000 of them are still valid. The card information was encrypted, and there is no evidence suggesting the hackers collected the details necessary to decrypt the card numbers.

Marriott says approximately 5.25 million unencrypted passport numbers were accessed, along with 20.3 million encrypted passport numbers. As with the payment cards, there is no evidence the hackers collected the encryption key.

Since this information came to light, Marriott has completely phased out the old reservation database from Starwood. All reservation information for Starwood Hotels is now processed through Marriott’s system.

If you believe you may have been affected by the Starwood data breach, you may contact Marriott through the dedicated call center. The number for the U.S. is 1-877-273-9481. More information is available at

The information contained within this article was accurate as of January 4, 2019. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.

About John H. Oldshue

John Oldshue is the creator of He worked for over 15 years in television and won an Emmy award for his reporting. He covers credit card rate issues for
View all posts by John H. Oldshue