Marriott International said Friday it fell victim to a data breach involving its Starwood guest reservation database, affecting 500 million guests.
The hotel chain first received an alert about an attempt to enter its database in September, and after an investigation it found there had been unauthorized access since 2014, leading to the copying and encrypting of information.
On Nov. 19, Marriott was able to determine data that was tampered with was from the Starwood guest reservation database.
The hacking dated to before Marriott bought Starwood Hotels and Resorts in 2016, becoming the world's largest hotel chain.
"We deeply regret this incident happened," Marriott President and CEO Arne Sorenson said in a statement. "We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward."
For 327 million guests who were hacked, names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood account information, dates of births, gender, arrival and departure information, reservation dates and communication preferences were obtained.
For some of guests credit card information were also taken. Although Marriott stressed information had been encrypted, it said the possibility some data being decrypted could not be ruled out.
New York Attorney General Barbara Underwood announced she would investigate.
"We’ve opened an investigation into the Marriott data breach. New Yorkers deserve to know that their personal information will be protected," Underwood said on Twitter.
The data breach ranks among the largest ever, behind 3 billion Yahoo accounts that were hacked. Earlier this year, Under Armour also announced a data breach involving 150 million customers from its fitness app.