The Marriott hotel group has revealed a data breach that may have affected up to 500 million guests.
The company says the breach relates to the reservation systems of its Starwood subsidiary, and covers reservations made between 2014 and September of this year.
Starwood brands include W Hotels, St Regis, Sheraton Hotels & Resorts, and Westin Hotels & Resorts (including the Westin Dublin).
The company says there was 'unauthorised access' to the Starwood network since 2014.
It also found that an authortised party "had copied and encrypted information, and took steps towards removing it".
For a majority of impacted guests - 327 million - the information potentially accessed includes details such as passport number, date of birth, address and phone numbers.
However, it warns that some credit card information may also have been accessed.
In a statement, the company says it received an alert on September 8th about the breach.
It explained: "For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption.
"There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken. For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information."
Marriott says it "deeply regrets this incident happened", and is cooperating with law enforcement to investigate the breach.
It adds: "From the start, we moved quickly to contain the incident and conduct a thorough investigation with the assistance of leading security experts.
"Marriott is working hard to ensure our guests have answers to questions about their personal information with a dedicated website and call center."
The company is also working to phase out the Starwood reservation system.
More information about the breach is available on the Marriott website.
