Don’t Expect Marriott To Pay For Your Compromised Passport Replacement


Many websites and reputable news organizations have over the past few days incorrectly reported that Marriott would pay for passport replacements for those consumers that had theirs compromised during the data hack that continued for four years.


Marriott still hasn’t even emailed to all members that had their info compromised and is unable to divulge what exactly was leaked if you call one information hotline numbers on the email.

You can access Marriott’s page for the security incident here.

Here’s what Marriott told the Washington Post (access their piece here):

“We are setting up a process to work with our guests who believe that they have experienced fraud as a result of their passports being involved in this incident,” Kim said. “If, through that process, we determine that fraud has taken place, then the company will reimburse guests for the costs associated with getting a new passport.”

So, they only pay for the passport replacement if the information from the compromised one was used in fraudulent manner and Marriott could somehow determine that fraud had taken place.

Practically impossible don’t you think? How are you supposed to prove that the information from your passport was used, for example for identity fraud purposes?


Marriott purely made this announcement after a Congressman suggested that Marriott should cover a new passport for every affected consumer. It would cost Marriott billions if everyone who had their information and passport data compromised made the hotel company pay for a replacement one.

I believe that hotel companies (not just Marriott) try to collect too much data from the travelers when it is not required including the passport information.

Some countries may require this during the registration process but most do not. I often request that hotel do not copy my passport when it is not required by local laws because you often see these passport copies later handled in a very unprofessional manner and I doubt that they have any data retention process in place to destroy them.