Photo: Craig Barritt/Getty Images for Starwood Preferred Guest

Marriott announced Friday that up to 500 million people might be affected by a data breach of the Starwood properties guest reservation system. But it's harder than ever today to interpret a first estimate —"up to 500 million" could mean 500 million, nearly five hundred million, or substantially less.

The big picture: The new privacy law in the European Union, the General Data Protection Regulation (GDPR), requires companies to notify government agencies about breaches almost immediately. Gone are the days where a company can do a full investigation before announcing a breach, and that means most are likely to overestimate until better facts come in.

500 million guests: Marriott has an advantage in trying to figure out who was affected in the breach since the company found the database of information hackers were compiling to steal, and it first decrypted the database 11 days ago.

  • But, as the press release notes, "The company has not finished identifying duplicate information in the database." That would be important, because there are people who have stayed at Starwood hotels more than once.

Between the lines: GDPR only took effect this year and there have been few breaches of this potential size in history, meaning there is virtually no comparable instance to help gauge how the 500 million number might change.

  • Remember, breach estimates have been wrong in the other direction before, too. Equifax repeatedly had to revise the number of people affected by its breach upward by millions.

The bottom line: Whether the number shrinks, grows or stays the same, the best advice is this: If you've stayed at a Starwood property, assume you were affected until you can confirm otherwise.

Go deeper

Updated 22 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Annelise Capossela/Axios

  1. Global: Total confirmed cases as of 1:30 p.m. ET: 20,412,501 — Total deaths: 744,649— Total recoveries: 12,629,465Map.
  2. U.S.: Total confirmed cases as of 1:30 p.m. ET: 5,163,509 — Total deaths: 164,994 — Total recoveries: 1,714,960 — Total tests: 63,252,257Map.
  3. Politics: Pelosi on state of coronavirus stimulus talks: "It's a chasm"
  4. Business: U.S. already feeling effects of ending unemployment benefits.
  5. Public health: America is flying blind on its coronavirus response.
  6. Education: Gallup: America's confidence in public school system jumps to highest level since 2004.

Pelosi on state of coronavirus stimulus talks: "It's a chasm"

Democrats and the Trump administration remain "miles apart" on negotiations over a coronavirus stimulus deal, House Speaker Nancy Pelosi (D-Calif.) said on Wednesday.

Driving the news, via Axios' Dion Rabouin: Congress' failure to renew enhanced unemployment measures for millions of Americans at the end of July is already affecting consumer spending patterns, holding down retail purchases and foot traffic, economists at Deutsche Bank say.

3 hours ago - World

U.S. threatens to veto UN peacekeeping in Lebanon over Hezbollah concerns

Peacekeepers with Lebanese troops in southern Lebanon. Photo: Jalaa Marey/AFP via Getty

The Trump administration is threatening to veto a resolution to extend the UN's long-standing peacekeeping mission in southern Lebanon if its mandate isn't changed, Israeli and U.S. officials tell me.

Why it matters: The U.S. is the main funder of the UN Interim Force in Lebanon (UNIFIL), which has an annual budget of $250 million. The veto threat is a tactical move, and part of a broader effort to put pressure on Iran and its proxy in Lebanon, Hezbollah.