While Marriot International lowered the number of Starwood records affected by the cyberattack that it revealed in November from 500 million to 383 million due to duplicates, it revealed hackers were able to access passport details of its 5.25 million guests.

In its latest advisory, Marriot said its data analysis and investigation yielded records to be unencrypted. It also claimed that the figures may also decline in the coming months should they find more duplicates. The other new pieces of information the management said might have been affected were “8.6 million unique payment card numbers, all of which were encrypted… and approximately 20.3 million encrypted passport numbers.”

“We concluded with a fair degree of certainty that information for fewer than 383 million unique guests was involved, although the company is not able to quantify that lower number because of the nature of the data in the database,” the advisory says.

Marriot revealed last year of “unauthorized access” to Starwood reservation database “since 2014.” Customer details that might have been accessed include name, birthday, check-in as well as checkout dates, encrypted payment card numbers, and reservation dates.

There was nowhere in the advisory indicates if the management already knows who is behind the attack.

In December last year, the New York Times reported that the cyberattacks were part of “a Chinese intelligence-gathering effort” that also hacked health insurers and security clearance files of millions of Americans. The Times’ report also said that its sources said the hackers “are suspected of working on behalf of the Ministry of State Security, the country’s Communist-controlled civilian spy agency. ”

China denied the allegations.

Marriot said an exhaustive investigation is still underway and the figures might still be lower than initially reported.