On January 3, Marriott International provided an update on the breach originally disclosed on November 30. During the four-year intrusion, threat actors stole data on approximately 383 million customers, down from the original estimate of 500 million. In addition, of the 25.5 million passport numbers accessed, 5.25 were stored in clear text, allowing threat actors to more easily steal customers’ identities. Customers can contact Marriott to determine if their passport number was included in the unencrypted set. Marriott previously stated they would compensate customers for passport replacements if they could prove fraud had occurred. About 8.6 million encrypted payment cards were also exposed; however, only 354,000 were unexpired as of September 2018. Customers can take advantage of free web monitoring services offered by Marriott by visiting https://info.starwoodhotels.com/.