Marriott has promised to pay for new passports for any of the 500 million Starwood customers whose personal information was exposed in a massive data breach. As many as 327 million people’s passport numbers may have been exposed in the breach, Marriott (MAR) revealed Friday.
“As it relates to passports and potential fraud, we are setting up a process to work with our guests who believe that they have experienced fraud as a result of their passports being involved in this incident,” a Marriott spokesman told MarketWatch. “If, through that process, we determine that fraud has taken place, then the company will reimburse guests for the costs associated with getting a new passport.”
Security experts say in a worst-case scenario, the passport data breach could create a larger security crisis, allowing malicious actors to create false passports to enter the country or open financial accounts, Francis Dinha of security platform OpenVPN told Marketwatch.
The U.S. State Department says people shouldn’t panic, as a person can’t travel with a passport number alone. But Sen. Chuck Schumer and other lawmakers have called for the company to pay for passport replacements, which cost $110 for adults.
“Right now, the clock is ticking to minimize the risk customers face and one way to do this is to request a new passport and make it harder for thieves to paint that full identity picture,” the New York Democrat said. “Marriott must personally notify customers under the greatest security risk immediately and then foot the bill for those folks to acquire a new passport and number should they request it.”
Marriott learned the data breach on Nov. 19, which began in 2014, went undetected during its acquisition of Starwood in 2016, and continued until September of this year. The high-end Starwood chain includes hotels such as W, St. Regis and Le Meridien. Customers who fear they may have been affected in the breach should read our guide on what to do next.