The Marriott International hotel chain said on Friday that the database of its Starwood reservation system had been hacked and that the personal details of up to 500 million guests going as far back as 2014 had been compromised.
The hotel group, which runs more than 6,700 properties around the world, was informed in September about an attempt to access the database, and an investigation this month revealed that unauthorized access had been made on or before Sept. 10, Marriott said in a statement.
The hotel chain said that personal details including names, addresses, dates of birth, passport numbers, email addresses and phone numbers for hundreds of millions of guests may have been compromised.
The investigation also found that an “unauthorized party had copied and encrypted information, and took steps toward removing it,” the statement said.
Hackers also obtained encrypted credit-card information for some customers, but it was unclear if the hackers would be able to use those payment details.
Marriott said it wasn’t sure how many passport numbers and dates of birth were stolen but said that it was a “subset” of the larger number of affected consumers, since this information is not a part of every reservation.