A security breach inside Marriott's worldwide hotel empire has compromised the information of as many as 500 million guests, exposing in some cases credit card numbers, passport numbers and birthdates, the company said Friday.
Alarming security analysts, Marriott said that unauthorized access to data within its Starwood network has been taking place since 2014 in what may be among the largest data breaches on record.
Marriott acquired Starwood in 2016 and the process of merging its computer system with Starwood computers has been marred by technical glitches.
The company said credit card numbers and expiration dates of some guests may have been taken.
For as many as two-thirds of those affected, data exposed could include mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences.
For some guests, the information was limited to name and sometimes other data such as mailing address, email address or other information.
"We fell short of what our guests deserve and what we expect of ourselves," CEO Arne Sorenson said in a prepared statement.
"We are doing everything we can to support our guests, and using lessons learned to be better moving forward."
"People should be concerned that criminals could use this info to open fraudulent accounts in their names."