Marriott CEO Tells Senators Passport Changes Being Considered After Data Breach


Skift Take

You can see the dilemma that Marriott and other hotels face: Keep passport data strictly at the property level, where management may not be technically adept, or centralize the information where it can be potentially hacked in one fell swoop. CEO Sorenson is leaning toward the local approach. Either way is risky business.
Marriott is considering changing the way it stores passport information — that is not without risks — in the wake of the breach of the Starwood reservation system that Marriott announced in November. In testifying before a Senate homeland security subcommittee, Marriott CEO Arne Sorenson said Thursday in the future all of the passport data it obtains likely will be encrypted, and the chain will likely opt to store passport information at the property level instead of in a centralized database. The hearing was convened to discover if legislation is necessary to prevent large-scale data breaches in the future. (A video of Sorenson's appearance before the subcommittee is embedded below, and his prepared remarks are there, as well.) Sorenson noted that numerous countries require hotels to collect and even make physical copies of the travel document when guests check in. Starwood, which Marriott acquired in 2016, traditionally collected passport information and transferred it to a centralized platform;