Hotel chain giant Marriott will now let you check if you’re a victim of the Starwood hack.
The company confirmed to TechCrunch that it has put in place “a mechanism to enable guests to look up individual passport numbers to see if they were included in the set of unencrypted passport numbers.” That follows a statement last month from the company confirming that five million unencrypted passport numbers were stolen in the data breach last year.
The checker, hosted by security firm OneTrust, will ask for some personal information, like your name, email address, as well as the last six-digits of your passport number.
Marriott says data on “fewer than 383 million unique guests” was stolen in the data breach, revealed in September, including guest names, postal addresses, phone numbers, dates of birth, genders, email addresses and reservation information. Later it transpired that more than 20 million encrypted passport numbers were also stolen, along with 8.6 million unique payment card numbers. Marriott said only 354,000 cards were active and unexpired at the time of the breach in September.
Opening up the checker to the wider public is a bright spot in what’s been a fairly atrocious incident recovery by Marriott since the breach. The company’s initial response was plagued with hiccups and missteps that many security experts stepped in to fill in the gaps at their own expense.
The checker won’t kick back a result straight away — you’ll have to wait for a response — and Marriott doesn’t say how long that’ll take. There is a certain irony in having to turn over your own data — not least to a third-party — to be told if you’re a victim of a breach. It’s literally the last thing any breach victim wants to do: hand over even their more of their personal information. But that’s the world we’re living in, and everything is terrible.
Use the checker at your own risk.