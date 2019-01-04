Igor Golovniov/SOPA Images/LightRocket via Getty Images

Marriott downsized its original estimate on a major data breach, but the number of people affected is still historic.

The hotel group announced on Friday that the number of affected guests was not the original 500 million people affected, which it reported in November. After an investigation with a forensics and analytics team, the company now believes that hackers only stole up to 383 million guest records.

It's less than the original reported estimate, but still the largest personal data breaches in history, more than double the 147.7 million Americans' data stolen in Equifax's breach. Data breaches have become a common issue for massive companies that collect and store information on millions of people.

Hackers look for poor protection to steal valuable details like social security numbers, birth dates, email addresses and credit card numbers. In 2018, tech giants like Facebook and Reddit have fallen victim to data breaches.

In November, Marriott announced that hackers compromised the reservation database for its Starwood division, which the hotel group acquired in 2016. The Starwood division, which includes hotel lines like Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft and St. Regis, had been hacked since 2014, Marriott said.

"We want to provide our customers and partners with updates based on our ongoing work to address this incident as we try to understand as much as we possibly can about what happened," Arne Sorenson, Marriott's president, said in a statement.

The stolen data in Marriott's breach included names, addresses, phone numbers, credit card information, emails, passport numbers and travel details.

The company announced that about 5.25 million unencrypted passport numbers were stolen in the hack, while another 20.3 million encrypted passport numbers were taken.



"There is no evidence that the unauthorized third party accessed the master encryption key needed to decrypt the encrypted passport numbers," the company said in its statement.

Marriott has offered to pay for new passports if affected guests can prove they were victims of fraud. That could cost the company up to $577 million.

There were about 8.6 million encrypted credit card numbers stolen in the breach as well, Marriott said. It is still investigating how many stolen payment card numbers were not encrypted.

It's still unclear who is behind the Marriott breach, though Reuters, the Washington Post and the New York Times reported that investigators believe China is responsible. On a "Fox and Friends" segment in December, Secretary of State Mike Pompeo said that China was behind Marriott's hack.

The Department of Justice and the Department of State declined to back up his remarks.

Lawmakers have called for companies to improve their cybersecurity, as Sen. Ron Wyden introduced a Consumer Data Protection Act that could jail CEOs for lying about data protection efforts.