Nov 30, 2018

Behind the Marriott breach's "500 million affected" tally

Photo: Craig Barritt/Getty Images for Starwood Preferred Guest

Marriott announced Friday that up to 500 million people might be affected by a data breach of the Starwood properties guest reservation system. But it's harder than ever today to interpret a first estimate —"up to 500 million" could mean 500 million, nearly five hundred million, or substantially less.

The big picture: The new privacy law in the European Union, the General Data Protection Regulation (GDPR), requires companies to notify government agencies about breaches almost immediately. Gone are the days where a company can do a full investigation before announcing a breach, and that means most are likely to overestimate until better facts come in.

500 million guests: Marriott has an advantage in trying to figure out who was affected in the breach since the company found the database of information hackers were compiling to steal, and it first decrypted the database 11 days ago.

  • But, as the press release notes, "The company has not finished identifying duplicate information in the database." That would be important, because there are people who have stayed at Starwood hotels more than once.

Between the lines: GDPR only took effect this year and there have been few breaches of this potential size in history, meaning there is virtually no comparable instance to help gauge how the 500 million number might change.

  • Remember, breach estimates have been wrong in the other direction before, too. Equifax repeatedly had to revise the number of people affected by its breach upward by millions.

The bottom line: Whether the number shrinks, grows or stays the same, the best advice is this: If you've stayed at a Starwood property, assume you were affected until you can confirm otherwise.

Go deeper

Coronavirus spreads to more countries, and South Korea ups its case count

Data: The Center for Systems Science and Engineering at Johns Hopkins, the CDC, and China's Health Ministry. Note: China numbers are for the mainland only and U.S. numbers include repatriated citizens.

The novel coronavirus continues to spread to more nations, and the U.S. reports a doubling of its confirmed cases to 34 — while noting those are mostly due to repatriated citizens, emphasizing there's no "community spread" yet in the U.S. South Korea's confirmed cases jumped from 204 on Friday to 433 on Saturday.

The big picture: COVID-19 has now killed at least 2,362 people and infected more than 77,000 others, mostly in mainland China. New countries to announce infections recently include Israel, Lebanon and Iran.

Go deeperArrowUpdated 15 mins ago - Health

Centrist Democrats beseech 2020 candidates: "Stand up to Bernie" or Trump wins

Bernie Sanders rallies in Las Vegas, Nevada on Feb. 21. Photo: Mario Tama/Getty Images

Center-left think tank Third Way urgently called on the Democratic front-runners of the 2020 presidential election to challenge Sen. Bernie Sanders on the South Carolina debate stage on Feb. 25, in a memo provided to Axios' Mike Allen on Saturday.

What they're saying: "At the Las Vegas debate ... you declined to really challenge Senator Sanders. If you repeat this strategy at the South Carolina debate this week, you could hand the nomination to Sanders, likely dooming the Democratic Party — and the nation — to Trump and sweeping down-ballot Republican victories in November."

Situational awareness

Warren Buffett. Photo: Daniel Zuchnik/WireImage

Catch up on today's biggest news:

  1. Warren Buffett releases annual letter, reassures investors about future of Berkshire Hathaway
  2. Greyhound bars immigration sweeps
  3. U.S. military officially stops offensive operations in Afghanistan
  4. America's future looks a lot like Nevada
  5. Centrist Democrats beseech 2020 candidates: "Stand up to Bernie" or Trump wins