Source: The New York Times

The hotel chain hasn't said how many of the 500 million customers affected by a data breach had their passport numbers stolen. But the State Department and privacy experts disagree on the danger.

It has become a familiar dance: A company reports a data breach, and you dutifully change your passwords, ask for a new credit card and hope your information doesn't end up for sale on the dark web. But the hack that last week engulfed Marriott — and 500 million of its customers — has added a new step: Your passport might be at risk, too.

Whether those customers should go get a new passport is perhaps the most complicated consumer question hanging out there in the wake of the news that millions of Starwood Hotels customers had their data stolen in a breach that began as early as 2014. Brands like Westin, Sheraton, Aloft and W are affected, but not Marriott brands that predate the company's acquisition of Starwood in 2016.

Besides passport information, the thieves took names, addresses, dates of birth, and credit or debit card numbers, though it's possible that they did not get access to every bit of information for each person in the company database.

Given how often bank card fraud occurs, Starwood customers may have obtained a new number in the past few years, anyway.

Read the full article at The New York Times