According to a new report from Fortune, although officials at Marriott International promised to pay for new passports for those guests whose passport numbers were compromised in the recently announced Starwood Preferred Guest data breach, the cost of making good on that pledge would almost certainly bankrupt the company.
When Marriott International announced that a massive data breach occurred for Starwood Preferred Guests (SPG), the hotel giant promised that it would take extraordinary steps to help make sure customers didn’t lose money or fall victim to fraud in wake of the personal and financial information of a staggering 500 million guests being exposed by the hack. According to Marriott officials, for more than 327 million of those guests, the compromised information included “some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).”
The company immediately devoted considerable resources to setting up a dedicated help line and providing fraud protection services for affected customers. Perhaps more importantly, officials pledged to devote even more resources to making those customers whole again – including the possibility of paying to replace passports which had been compromised in the hack.
“We deeply regret this incident happened,” Marriott International CEO Arne Sorenson said in an initial statement. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward. Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”
Now, however, some analysts say it would be nearly impossible for Marriott International to make good on its promise to replace the passports of SPG hacking victims. Fortune’s Robert Hackett points out that shelling out $110 for each of the 327 million guests whose passport numbers may have been hacked would amount to a payout of billions of dollars – an amount more than the total value of the entire company.