The Jakarta Post
Marriott hotels announced recently it has had an 'unauthorized party' breach its internal information security, attaining the information of about 500 million guests. (shutterstock.com/Cassiohabib/File)
For identity thieves, getting their hands on a person’s passport is the same as striking oil, which is why it is imperative that businesses require such sensitive personal information be kept away from prying eyes.
Marriott hotels announced recently it had an “unauthorized party” breach its internal information security, accessing its reservations for Starwood, a subdivision of Marriott, attaining the information of about 500 million guests.
What makes this data breach different is that hackers also stole guests' passport numbers, which brings a whole new set of risks.
People's full names, email addresses, phone numbers and dates of birth alongside some credit card information could fall into the wrong hands. Marriott, however, added that it was unsure whether hackers would be able to decrypt the credit card information.
Forbes has also advised people who recently checked into Starwood or any Marriott hotels to freeze their credit cards.
“I’m recommending a credit freeze, because I think the biggest risk from this breach is that a criminal would use the stolen info to create an unauthorized account in someone’s name,” industry analyst for CreditCards.com Ted Rossman said.
According to Forbes, the hotel determined there had been a previous data breach in 2014. However, Ted thought that the chances of a thief using a victim’s credit card were low as the stolen information would have been encrypted, and even after decryption, unauthorized credit card charges could easily be reversed.
The stolen passport data is what has been the most alarming.
“Passport data is something you should hold onto more tightly than something like a driver’s license,” said executive director of the World Privacy Forum, Pam Dixon, quoted by Popular Science.
The article goes on to say that the Marriott breach could help thieves observe victims' travel information and check-in check-out information at various locations, where their passports would be used. Something as simple as an online tool made available by United States Customs and Border Protection, called the I-94 Travel Records for US Visitors, will allow anyone with your name, birthday and passport number (which were stolen in the breach) to track personal travel history.
“If you’re the type of traveler who doesn’t go to many places and keeps your passport in the drawer, that might make you a great target,” Dixon said, “It decreases the odds someone will notice the fraud.”
This data can also be used to create an entirely new passport, allowing the thieves with information to attain anyone’s identity by simply providing a victim’s name, birthday and passport number, and reporting the passport missing, which makes it easier to avoid the threat of being detected due to biometrics.
“A technique called morphing helps some fake documents pass biometric tests.” Dixon explained.
The safest bet suggested by the article was to renew one’s current passport, as it was an easy process, especially since you were the real owner of your passport and could show up in person at any time. The old passport number will then be obsolete and cannot be used to steal your identity. (acr/wng)