A Marriott spokesperson said the hotel chain is working on a way to reimburse some users for the costs of getting new passports if they're one of the persons whose data was leaked in a massive data breach last week.
Not all users will be reimbursed, a spokesperson said, but only those users who can prove they've been the victims of fraudulent operations where the passport number was involved.
"We are setting up a process to work with our guests who believe that they have experienced fraud as a result of their passports being involved in this incident," said Connie Kim, Marriott spokesperson, in an email to The Washington Post.
"If, through that process, we determine that fraud has taken place, then the company will reimburse guests for the costs associated with getting a new passport," she added.
The hotel chain's statement came after New York Democrat Senator Chuck Schumer publicly called on Marriott to pay for people's passport replacement fees over the last weekend.
"The data breach at Marriott compromised millions of travelers' U.S. passport info," Schumer said. "A new passport costs $110. Marriott must personally notify customers at greatest risk. And Marriott should pay the costs of a new passport for victims who request it."
The Marriott data breach was announced exactly a week ago. The hotel chain said hackers had gained access to the hotel guest reservation system used at Marriott subsidiary Starwood, and its smaller brands, including W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels.
Marriott said hackers stole the personal details of over 500 million users, and for over 327 million, those details might have also included a passport number. Marriott put up a website that offered information for affected guests.
Marriott was sued within hours after announcing the data breach, and official investigations were set in motion in several US states and countries around the globe.
A Reuters report this week cited sources inside the hack investigation and claimed that the hack might have been the work of Chinese government hackers.
The hotel chain is also believed to be on the hook for as much as $3.5 billion in data breach expenses, according to industry accepted figures.
More data breach coverage:
- Twelve US states join for the first time to file multistate data breach lawsuit
- BeatStars discloses security breach in Twitter live stream
- Quora discloses mega breach impacting 100 million users
- Marriott reveals data breach affecting 500 million hotel guests
- Dunkin' Donuts accounts may have been hacked in credential stuffing attack
- Dell announces security breach
- Cathay Pacific breach leaks personal data on 9.4 million people CNET
- Why 31% of data breaches lead to employees getting fired TechRepublic