International hotel group Marriott International said the privacy of about 500 million guests may have been compromised in a cyber attack - the biggest in the last five years.
The hotelier said it was investigating "unauthorised access" of guest reservation database at its Starwood unit since 2014.
Passport and credit card information of guests have been compromised in the security breach.
The Maryland-headquartered group said in a statement it was acting on an alert received on September 8 from an internal security tool regarding attempts to access its Starwood guest reservation database.
"Marriott recently discovered that an unauthorised party had copied and encrypted information, and took steps towards removing it," it said.
"On November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the Starwood guest reservation database," it added.
The attack would the biggest since the attack on Yahoo in 2013, which exposed all of its three billion users.
_________________
Read more:
Cyber attack group targets UAE and Lebanese government officials
Careem hit by cyber attack with data of up to 14 million users stolen
A reformed hacker shares his tips on how to stay safe online