Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Photo: Craig Barritt/Getty Images for Starwood Preferred Guest

Marriott announced Friday that up to 500 million people might be affected by a data breach of the Starwood properties guest reservation system. But it's harder than ever today to interpret a first estimate —"up to 500 million" could mean 500 million, nearly five hundred million, or substantially less.

The big picture: The new privacy law in the European Union, the General Data Protection Regulation (GDPR), requires companies to notify government agencies about breaches almost immediately. Gone are the days where a company can do a full investigation before announcing a breach, and that means most are likely to overestimate until better facts come in.

500 million guests: Marriott has an advantage in trying to figure out who was affected in the breach since the company found the database of information hackers were compiling to steal, and it first decrypted the database 11 days ago.

  • But, as the press release notes, "The company has not finished identifying duplicate information in the database." That would be important, because there are people who have stayed at Starwood hotels more than once.

Between the lines: GDPR only took effect this year and there have been few breaches of this potential size in history, meaning there is virtually no comparable instance to help gauge how the 500 million number might change.

  • Remember, breach estimates have been wrong in the other direction before, too. Equifax repeatedly had to revise the number of people affected by its breach upward by millions.

The bottom line: Whether the number shrinks, grows or stays the same, the best advice is this: If you've stayed at a Starwood property, assume you were affected until you can confirm otherwise.

Go deeper

1 hour ago - World

Biden freezes U.S. arms deals with Saudi Arabia and UAE

Trump struck several large arms deals with Mohammed bin Salman (L) and Saudi Arabia. Photo: Kevin Dietsch-Pool/Getty Images

The Biden administration has put on hold two big arms deals with Saudi Arabia and the United Arab Emirates which were approved in the final weeks of the Trump administration, a State Department official tells Axios.

Why it matters: The sales of F-35 jets and attack drones to the UAE and a large supply of munitions to Saudi Arabia will be paused pending a review. That signals a major policy shift from the Trump era, and may herald sharp tensions with both Gulf countries.

Dan Primack, author of Pro Rata
2 hours ago - Podcasts

Robert Downey Jr. launches VC funds to help save the planet

Robert Downey Jr. on Wednesday announced the launch of two venture capital funds focused on startups in the sustainability sector, the latest evolution of a project he launched two years ago called Footprint Coalition.

Between the lines: This is a bit of life imitating art, as Downey Jr. spent 11 films portraying a character who sought to save the planet (or, in some cases, the universe).

DHS warns of "heightened threat" because of domestic extremism

Supporters of former President Trump protest inside the U.S. Capitol on Jan. 6. Photo: Roberto Schmidt/AFP via Getty Images

The Department of Homeland Security on Wednesday issued an advisory warning of a "heightened threat environment" in the U.S. because of "ideologically-motivated violent extremists."

Why it matters: DHS believes the threat of violence will persist for "weeks" following President Biden's inauguration. The extremists include those who opposed the presidential transition, people spurred by "grievances fueled by false narratives" and "anger over COVID-19 restrictions ... and police use of force[.]"