Marriott said data for about 500 million guests who made reservations at its Starwood properties may have had their data exposed in a breach of its reservation database.
The company said in a statement that it discovered "unauthorized access" to the database, which extended back until 2014. The hacker had copied and encrypted information and "took steps toward removing it," Marriott said.
The data impacts up to 500 million guests who made reservations at a Starwood hotel. For about 327 million of those, the breached information includes data such as names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest ("SPG") account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
In some cases, payment card numbers and expiration dates were also taken, but Marriott said it's unclear whether the hackers have information to decrypt the payment card numbers.
Marriott said it has set up a website for consumers impacted by the hack, at info.starwoodhotels.com, and a call center. "Call volume may be high, and we appreciate your patience," the company said.