The hotel chain said Friday hacket affects its Starwood reservation database, a group of hotels purchased in 2016 which includes St. Regis, Westin, Sheraton and W Hotels.
Marriott said hackers had been granted “unauthorized access” to the Starwood reservation system since 2014, but the company only identified the problem last week.
“The company recently discovered that an unauthorized party had copied and encrypted information, and took steps to remove it,” said Marriott in a statement.
For 327 million people, Marriott says that the visitors’ visible information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival information. For millions of others, their credit card numbers and card expiration date were potentially compromised.
Marriott warns that it can not confirm whether the hackers could decrypt the credit card numbers.
“We have broken what our guests deserve and what we expect. We do everything we can to support our guests and use lessons to get better,” says CEO Arne Sorenson in a statement.
The hotel chain said it reported hack to law enforcement. Marriott said it will start mailing guests who have suffered the violation and have created an information site.