FILE - This Oct. 5, 2010 file photo shows the exterior of a Marriott hotel in Santa Clara, Calif. Marriott says that fewer guest records were involved in a previously announced data breach than it initially disclosed. The lodging company said Friday, Jan. 4, 2019, that it now believes that the number of potentially involved guests is lower than the 500 million originally estimated. (AP Photo/Paul Sakuma, File)
FILE - This Oct. 5, 2010 file photo shows the exterior of a Marriott hotel in Santa Clara, Calif. Marriott says that fewer guest records were involved in a previously announced data breach than it initially disclosed. The lodging company said Friday, Jan. 4, 2019, that it now believes that the number of potentially involved guests is lower than the 500 million originally estimated. (AP Photo/Paul Sakuma, File) Credit: Paul Sakuma

Bethesda, Md. — Fewer Marriott guest records than previously feared were compromised in a massive data breach, but the largest hotel chain in the world confirmed on Friday that approximately 5.25 million unencrypted passport numbers were accessed.

The compromise of those passport numbers has raised alarms among security experts because of their value to state intelligence agencies.

The FBI is leading the investigation of the data theft and investigators suspect the hackers were working on behalf of the Chinese Ministry of State Security, the rough equivalent of the CIA.

The hackers accessed about 20.3 million encrypted passport numbers. There is no evidence that they were able to use the master encryption key required to gain access to that data.

Unencrypted passport numbers are valuable to state intelligence agencies because they can be used to compile detailed dossiers on people and their international movements. With China, it would allow that country’s security ministry to add to databases of aggregated information on valued individuals. Those data points include information on people’s health and finances.