The largest expert travel community:
  • 769,473 Total members
  • 5,177 Users online now
  • 1,722,272 Threads
  • 31,576,593 Posts

Is Marriott’s Promise to Pay for New Passports Impossible?

Is Marriott’s Promise to Pay for New Passports Impossible?
Jeff Edwards

According to a new report from Fortune, although officials at Marriott International promised to pay for new passports for those guests whose passport numbers were compromised in the recently announced Starwood Preferred Guest data breach, the cost of making good on that pledge would almost certainly bankrupt the company.

When Marriott International announced that a massive data breach occurred for Starwood Preferred Guests (SPG), the hotel giant promised that it would take extraordinary steps to help make sure customers didn’t lose money or fall victim to fraud in wake of the personal and financial information of a staggering 500 million guests being exposed by the hack. According to Marriott officials, for more than 327 million of those guests, the compromised information included “some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).”

The company immediately devoted considerable resources to setting up a dedicated help line and providing fraud protection services for affected customers. Perhaps more importantly, officials pledged to devote even more resources to making those customers whole again – including the possibility of paying to replace passports which had been compromised in the hack.

“We deeply regret this incident happened,” Marriott International CEO Arne Sorenson said in an initial statement. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward. Today, Marriott is reaffirming our commitment to our guests around the world. We are working hard to ensure our guests have answers to questions about their personal information, with a dedicated website and call center. We will also continue to support the efforts of law enforcement and to work with leading security experts to improve. Finally, we are devoting the resources necessary to phase out Starwood systems and accelerate the ongoing security enhancements to our network.”

Now, however, some analysts say it would be nearly impossible for Marriott International to make good on its promise to replace the passports of SPG hacking victims. Fortune’s Robert Hackett points out that shelling out $110 for each of the 327 million guests whose passport numbers may have been hacked would amount to a payout of billions of dollars – an amount more than the total value of the entire company.

[Photo: Shutterstock]

View Comments (8)


  1. sdsearch

    December 11, 2018 at 3:50 pm

    I’ve heard (I don’t know if it’s confirmed or just suspected by some) that the Marriott hack may have been by a foreign government, rather than criminals. If so, they may not have been after the average person’s info at all, but instead my have been searching for people who have access to intelligence and wanting to get information they could use to blackmail them.

    If Marriott knows something about who did the hack, and knows that it’s unlikely for the passports to be used fraudulently, they may be more willing to pay for any fraudulent use simply because they don’t expect there to be any fraudulent use. Marriott is requiring uses to prove the passport numbers were misused before they’ll pay, and no way anywhere near all 327 million will be able to prove that; will even ONE person be able to prove that?

  2. CPMaverick

    December 12, 2018 at 4:43 am

    It’s highly unlikely that a majority of the 327 million that included ‘some combination of’ identity documents had Passport numbers in that mix. Most Marriott stays are domestic. From that number it seems reasonable that a small percentage will take Marriott up on that deal. It’s a risk reward game, Marriott isn’t actually going to bankrupt from the offer and they save face.

  3. RooseveltL

    December 12, 2018 at 5:48 am

    I agree with prior reply. It is extremely difficult to prove a passport number is used fraudulently unless traveling to foreign country/location border control indicating you are flagged or visa invalid, etc. It is mostly a symbolic gesture without much sincerity behind it.

  4. velihall

    December 12, 2018 at 6:24 am

    The analysts assume that all 325 million shared their passport number with the hotel chain? That seems an interesting assumption. I wonder what the percentage is. Maybe it was just Mr Hackett from Fortune. Is that number publicly available?

  5. spartacus

    December 12, 2018 at 1:20 pm

    Why would they need your passport number to begin with? Are there countries that require hotels to collect this information?

  6. jonsg

    December 12, 2018 at 1:27 pm

    “shelling out $110 for each of the 327 million guests whose passport numbers may have been hacked”

    Because, of course, every country whose citizens were affected by the data breach charges US$110 for a new passport.

  7. Hotcat1970

    December 12, 2018 at 7:32 pm

    Bit of an American centric view of the world. This data breech was on the Starwood company, of which’s properties around 75% are not in US locations. Are all the guests American? Not likely, hence the passports certainly won’t cost $110 to replace. You can double that in some countries, and don’t forget the inconvenience and hoop jumping required to get a new passport, and potentially replace/change any active visas in it.
    Will Marriott pay for it anyway? Not likely. This is nothing more than public facing PR in the face of a huge data breech. Very common in lots of countries to present your passport at check in, sometimes government mandated (in China for example), sometimes as a proof of ID.
    On the credit card details side of things, interesting to see that they are not offering a free Experian Protect My ID subscription to anyone, unlike Cathay Pacific and British Airways have with their respective data breech’s.

  8. troyintn

    January 1, 2019 at 4:39 am

    People are also missing the point that it was not 327 million people but reservations. How many people had multiple reservations in that total. I would assume I have 50- 100, just with the time frame involved and the number of hotel stays I had. And as person that goes overseas often unless SPG added my passport info I did not give it to them, since I physically check in to most hotels. Unlike my airline where I use online check in and need to have my passport info.

You must be logged in on the FORUM to post a comment Login

Leave a Reply

More in Marriott

Are We to Blame for Marriott’s Reward Cutbacks?

FlyerTalkFebruary 11, 2020
Bonvoy Marriott Category Changes 2020

Here’s a Helpful Spreadsheet to Help You Calculate the Bonvoy Damage

FlyerTalkFebruary 5, 2020
Marriott Bonvoyed Phuket Tailand

Hotel Owner Claims “Bonvoyed,” Sues Over Redemptions

Joe CortezFebruary 4, 2020

Copyright © 2014 Top News Theme. Theme by MVP Themes, powered by Wordpress.


I want emails from FlyerTalk with travel information and promotions. I can unsubscribe any time using the unsubscribe link at the end of all emails