Although fewer people were affected by the Marriott data breach than originally expected, millions of passport numbers have been stolen. Marriott representatives have clarified that the breach happened at Starwood before the acquisition was completed. In its latest statement, Marriott confirmed that the following were stolen:

• There were approximately 8.6 million unique payment card numbers, all of which were encrypted

• There were approximately 5.25 million unique unencrypted passport numbers and approximately 20.3 million encrypted passport numbers.

Officials say it’s unlikely that someone could create a fake passport based on only a number. But the breach is worrying because passport numbers provide intelligence agencies with information about where people go, particularly when they cross borders. The U.S. hasn’t charged China with the breach, but experts say tactics are similar to those used in other breaches.

Marriott is offering new passports for guests whose documentation was used for fraudulent purposes.

Marriott image source. Passport image source.

Discussion:

• Analyze Marriott’s communication so far: the audience, objectives, organization, tone, and so on. What works and what could be improved?

• Compare the communication to how other companies handled a data breach.

• Should Marriott offer new passports to all affected guests—not just those whose documentation was used for fraud? Why or why not?