Marriott International disclosed on Friday a data breach involving its guest reservation database at its Starwood Hotel brand that it said could affect at least 500 million guests.
Shares of Marriott fell almost 5 percent in pre-market trading on Friday.
The personal information of at least 327 million guests, including name, mailing address, phone number, email address, passport number, birthday and gender, may have been accessed by an unauthorized party, Marriott said in a news release.
For some guests, the information could also include credit card numbers and expiration dates.
The hotel chain said an investigation uncovered the breach, which could affect guests who stayed in Starwood hotels on or before Sept. 10, on Nov. 19. Marriott said it reported the incident to law enforcement.
“We deeply regret this incident happened,” said Arne Sorenson, Marriott’s president and CEO, in a statement “We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
Hours after the breach was disclosed, New York Attorney General Barbara Underwood said in a tweet the state had launched an investigation in the data breach.
“New Yorkers deserve to know that their personal information will be protected,” she wrote.