Many Marriott International (MAR) investors are likely sick of the overhang of its data breach issues, but as Senate hearings and inquiries persist, context is key to assess the remaining risk.
Upon the announcement of the hacks in late November, MAR fell nearly 6%, kick-starting a slump that saw the stock decline to a low of just over $100 per share, nearly $50 off the 2018 high.
"The hackers accessed people's names, addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, Starwood loyalty program account information, and reservation information," Seena Gressin, an FTC attorney wrote in a consumer report. "For some, they also stole payment card numbers and expiration dates. Marriott says the payment card numbers were encrypted, but it does not yet know if the hackers also stole the information needed to decrypt them."
The breach, which was once thought to be the second largest in history, was a persistent problem into year-end, attracting a great deal of negative attention to the company just as it was seeking to increase usage of its rewards programs.
Interestingly, the stock has rebounded more than 20% from its lows as the company has worked to rectify the situation and clarify the extent to which it was infiltrated.
The number of accounts affected has shrunk from an estimated 500 million, to about 383 million. Of that number, the company noted that only a small percentage of these individuals actually had passport information stolen.
While the large number of individuals affected still places Marriott in the top five hacks ever, the reduction in the estimate moves the scale down by over 100 million and takes Marriott from second to fourth.
"We want to provide our customers and partners with updates based on our ongoing work to address this incident as we try to understand as much as we possibly can about what happened," said Arne Sorenson, Marriott's President and Chief Executive Officer in an update released in January. "As we near the end of the cyber forensics and data analytics work, we will continue to work hard to address our customers' concerns and meet the standard of excellence our customers deserve and expect from Marriott."
He added in testimony before a Senate panel in March that the hack was largely attributable to the recently acquired Starwood brand.
"In the Starwood system it was done locally and then essentially centralized into the data system," Sorenson said.
He added that the company will look to decentralize its databases and encrypt information in the future to avoid similar issues.
Considering the Bonvoy rewards programs has sustained growth of about 1.5 million users per month, consumer confidence in the brand appears to have returned as transparency tempers concerns.
In the end, investors in Marriott should be encouraged they didn't invest in Equifax (EFX) .