That would make it the largest data breach on record, surpassing the 2017 Equifax breach that exposed credit records of more than 145 million consumers.
According to Marriott, the breach occurred at its Starwood Hotel brand. An investigation has revealed that unknown parties gained access to the database sometime in 2014, copying and encrypting information that had been stored there.
Marriott said it was alerted to unauthorized activity and began an investigation in September.
It's not yet clear how much information has been compromised, but the company says for at least 327 million customers, it's extensive. The data includes names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, dates of birth, and gender. Other personal information may also have been compromised.
Payment cards at risk
Payment card information may also have been stolen, but Marriott says that information was encrypted and might not be valuable to hackers. However, Marriott can't determine whether the information needed to decipher the encrypted data was also stolen.
Marriott said it has reported the breach to law enforcement and continues to cooperate with the investigation. The company said it has already begun notifying regulatory authorities.
“We deeply regret this incident happened,” said Arne Sorenson, Marriott’s CEO. “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
Consumers who stayed at a Starwood hotel since 2014 may be affected. Mariott has established a call center to answer consumers’ questions. For consumers in the United States, the number is 877-273-9481. The company also said it will begin sending emails to affected customers.