Marriott breach included 5 million unencrypted passport numbers

More than 25 million passports were exposed.

Marriott has good news and bad news for travelers who have passed through its hotels. The good news is the data breach disclosed back in November, which was originally believed to have exposed the data of more than 500 million people, affected fewer travelers than originally reported (though it didn't specify how many). The bad news is the data lifted from the company included millions of peoples' passport numbers.

In a statement released Friday, the hotel chain said the "upper limit" for the number of potentially compromised guests is around 383 million, though it's likely that some of those records are duplicates. Regardless, the breach affected a lot of people who have stayed at Marriot hotels and exposed personal and financial information. As for passports, Marriot said approximately 5.25 million unencrypted passport numbers and 20.3 million encrypted passport numbers were accessed in the breach.

The FBI is currently looking into the Marriott hack. Last month, the New York Times reported that preliminary results of an investigation into the breach suggested it may have been part of a Chinese intelligence operation. While China denied any role in the attack against Marriott, the NSA recently warned about increased hacking activity from the country.