Marriott International announced Friday that fewer guests were impacted by a breach of its Starwood reservations database than originally announced, but that millions of unencrypted passport numbers were accessed.
The chain said in a release that it now believes as many as 383 million records were accessed in the hack, but noted that some of those records were repeats impacting the same guests. That’s down from the 500 million guests originally believed to be impacted by the hack.
{mosads}However, Marriott said that roughly 5.25 million unencrypted passport numbers were obtained by hackers, as well as 20.3 million encrypted passport numbers.
And about 8.6 million encrypted debit and credit cards were accessed by a third party, with about 354,000 of those cards not having expired by September of last year.
Marriott noted that there is no evidence that the hackers were able to decrypt the encrypted passport and payment card numbers.
Organizations will often lower the number of the parties impacted in a breach after investigating the hack further.
Marriott’s disclosure of the massive breach late last year quickly sparked calls for a federal privacy standard.
Congress is expected to take up privacy legislation in the coming months, including bills from Sen. Brian Schatz (D-Hawaii) and Sen. Joe Kennedy (R-La.).