Sen. Charles Schumer

WASHINGTON • Sen. Charles Schumer, D-N.Y., is calling on Marriott International to cover the $110 cost of replacing passports for consumers impacted by the breach of the hotel giant’s Starwood systems, which compromised the personal information of as many as 500 million guest accounts.

Of the bevy of personal data mined by the hackers — which included mailing and email addresses, flight information, phone numbers and birth dates, among other things — passport numbers might be the most troubling. Connie Kim, a Marriott spokeswoman, has declined to specify how many passport numbers were stolen. On Friday, the company said in a release that a “smaller subset” — up to 327 million customers — may have seen their passport numbers stolen.

“Marriott must personally notify customers under the greatest security risk immediately and then foot the bill for those folks to acquire a new passport and number should they request it,” Schumer said in a statement Sunday. “Right now, the clock is ticking to minimize the risk customers face and one way to do this is to request a new passport and make it harder for thieves to paint that full identity picture.”

Marriott did not immediately respond to a request for comment as to whether it would be will to pay for new passports. According to the U.S. State Department website, passport replacement fees are $110.

In the wake of the breach, the U.S. State Department said its records and systems were not connected to Marriott’s and that a fake passport could not be created with a passport number alone. But as Schumer said, when used in concert with other personal information, they could present a serious risk to personal security.

“The experts will tell you, there is an art to identity theft and it lies in the ability to paint the most complete picture of the person whose information you’re looking to steal or sell,” Schumer said. “Unfortunately, for many travelers who have stayed in one of Marriott’s Starwood hotels, they’ve provided the company with an array of personal color — like their passport information — that thieves can now access to complete the canvass and assume or sell an identity.”

Hackers accessed the reservation system of Starwood hotels — which includes brands like Sheraton, St. Regis and Westin — sometime in 2014. The breach went undetected during Marriott’s acquisition of Starwood in 2016 and wasn’t discovered until early September of this year. In the years between, hackers encrypted and tried to remove information on 500 million customers. The breach is second in scale only to Yahoo’s 2013 and 2014 breaches, affecting 3 billion accounts.

New York Attorney General Barbara Underwood, Maryland Attorney General Brian Frosh and Pennsylvania Attorney General Josh Shapiro all said their offices had opened investigations into the Marriott breach. And for many other government officials, the breach has become a rallying cry for arguing for stricter consumer privacy regulation.

“Checking in to a hotel should not mean checking out of privacy and security protections,” said Sen. Edward Markey, D-Mass., a member of the Commerce, Science and Transportation Committee said Friday.