Investor Alert

New York Markets Close in:

Dec. 4, 2018, 4:40 p.m. EST

Exclusive: After massive hack, Marriott pledges to pay for new passports if fraud has taken place

The promise could be expensive. It costs approximately $110 to get a new passport

Watchlist Relevance

Want to see how this story relates to your watchlist?

Just add items to create a watchlist now:

  • X
    Marriott International Inc. (MAR)
  • X
    Equifax Inc. (EFX)
  • X
    Experian PLC (EXPN)

or Cancel Already have a watchlist? Log In

By Kari Paul, MarketWatch

Getty Images
A sign marks the location of a Marriott hotel on November 30, 2018 in Chicago, Illinois.

Marriott International /zigman2/quotes/200170042/composite MAR +0.10%  customers are being given free identity theft monitoring software to keep an eye on accounts after a massive hack exposed the data of more than 500 million people. But on Monday evening, Marriott said it would go even further to help customers impacted by the massive hack.

“As it relates to passports and potential fraud, we are setting up a process to work with our guests who believe that they have experienced fraud as a result of their passports being involved in this incident,” a spokesman told MarketWatch.

“If, through that process, we determine that fraud has taken place, then the company will reimburse guests for the costs associated with getting a new passport,” he said.

On Friday, it admitted a portion of those affected by the breach — 327 million people — may have had their passport numbers stolen. The hack started in 2014, but it went undetected until last September, and involved the reservation database for its Starwood properties.

The hotel chain appears to have listened to mounting voices calling for more action on behalf of consumers. Jacob Serpa, a product marketing manager from security firm Bitglass, said the pledge was necessary for Marriott to restore trust among its customers.

“The enterprise has a responsibility to defend the personal information of those that it serves,” he said. “When organizations fail to protect data, it is customers whose well-being is ultimately damaged. As such, when a company fails to defend its data, it should take steps to assist those affected by its shortcomings.”

Senator Chuck Schumer, a Democrat from New York, and other lawmakers had called for the company to pay $110 for passport replacements.

“Right now, the clock is ticking to minimize the risk customers face and one way to do this is to request a new passport and make it harder for thieves to paint that full identity picture,” Schumer said. “Marriott must personally notify customers under the greatest security risk immediately and then foot the bill for those folks to acquire a new passport and number should they request it.”

Security experts say in a worst case scenario the breaches of passports could create a larger security crisis, allowing malicious actors to create false passports to enter the country. Hackers could open financial accounts using the data taken from passports, said Francis Dinha chief executive officer of security platform OpenVPN.

“Be sure to change your passwords, set up two-factor authentication and keep a close eye on all your financial records,” Dinha said. “You may even want to consider a credit freeze until you can be sure your information is safe.”

Security experts say given the size of the Marriott hack and other breaches in recent years, most consumers should consider freezing their credit as a safety precaution, even if they don’t believe they have been affected.

Following a September 2018 change, freezing credit is now free through all three major credit bureaus including Equifax /zigman2/quotes/208789454/composite EFX -0.07% , Experian /zigman2/quotes/210252954/delayed UK:EXPN +0.44% , and TransUnion /zigman2/quotes/209192458/composite TRU -1.74% .

The Marriott incident underscores the need for more secure personal identification options than passports and Social Security numbers, according to David Ginsburg, vice president of marketing at Cavirin, a Santa Clara, Calif.-based provider of cybersecurity risk posture and compliance.

“Rather than a knee-jerk reaction, we need to finally address the fact that all personal data is at risk and will be used by hackers to build complete profiles of individuals that may be monetized,” he said. “I’m not alone in calling for a next-generation identifier to replace much of this.”

The Trump administration has floated the idea of replacing the Social Security number, which was introduced in 1936, with a more secure identifier. Rob Joyce, special assistant to the president and White House cybersecurity coordinator, said in 2017 the Social Security number “has outlived its usefulness.”

In the meantime, anyone affected by the hack should change their passport numbers as soon as possible, Mark Weiner from security firm Balbix said.

“With your passport number, name, and date of birth, anyone can apply for a new passport by reporting the existing one stolen, use it as a proof of identity to open a new bank account or access an existing one,” he said. “Your passport number is an integral part of your identity, along with your name and date of birth and it can cause immense damage in the wrong hands.”

US : U.S.: Nasdaq
$ 165.36
+0.17 +0.10%
Volume: 838,171
Dec. 2, 2022 3:31p
P/E Ratio
Dividend Yield
Market Cap
$52.29 billion
Rev. per Employee
$ 202.10
-0.15 -0.07%
Volume: 470,265
Dec. 2, 2022 3:31p
P/E Ratio
Dividend Yield
Market Cap
$24.76 billion
Rev. per Employee
UK : U.K.: London
2,967.00 p
+13.00 +0.44%
Volume: 963,441
Dec. 2, 2022 4:44p
P/E Ratio
Dividend Yield
Market Cap
£26.91 billion
Rev. per Employee
$ 61.38
-1.09 -1.74%
Volume: 1.21M
Dec. 2, 2022 3:31p
P/E Ratio
Dividend Yield
Market Cap
$12.04 billion
Rev. per Employee

Kari Paul is a personal finance reporter based in New York. You can follow her on Twitter @kari_paul.

This Story has 0 Comments
Be the first to comment
More News In
Personal Finance

Story Conversation

Commenting FAQs »

Rates »

Partner Center

Link to MarketWatch's Slice.