I've had my personal information leaked by Target, Home Depot, Hyatt, Hilton, Chase, Equifax and others. I'm guessing hackers in Russia, China, and many other countries have my passport info since it is scanned at every international hotel I stay in.

As unfortunate as this is (and Maybe it will end up costing Marriott Billions), the reality is that anyone running old on-premise software has likely been hacked. For every one of these that is detected there are many more that are not. There are too many software vulnerabilities and companies are still struggling to encrypt data properly. The amount of time it took Marriott and SPG to merge their systems was due to them both being old, brittle and not well understood. How does someone even protect these systems? You can build walls around them but hackers eventually find ways in.

Companies need too stop storing personal information and governments need to stop requiring it to be collected everywhere.