WASHINGTON: As many as 500 million guests at Marriott International hotels might have been victims of a hack that in most cases pilfered passport numbers or other key identifying data, the company announced on Friday.

Marriott said it was alerted on September 8 that there had been an attempt to hack their reservation database in the United States.

Take a look: 2018 may bring on nastier hack attacks, says McAfee report

The hack is among the largest ever disclosed, prompting a big drop in Marriott shares and an investigation by New York Attorney General Barbara Underwood, who said on Twitter that “New Yorkers deserve to know that their personal information will be protected”.

The company discovered “that there had been unauthorised access to the Starwood network since 2014” which compromised personal and financial information. The probe found “an unauthorised party had copied and encrypted information and took steps towards removing it.”

After decrypting the information, the company found on November 19 “that the contents were from the Star­wood guest reservation database”.

Hotel brands in the Starwood network include Sheraton, Westin, Four Points and W Hotels. Marriott completed a $13.6 billion acquisition of Starwood in 2016. The deal was announced in November 2015. “We deeply regret this incident happened,” Marriott chief Arne Sorenson said in a statement. “We fell short of what our guests deserve and what we expect of ourselves.”

Marriott said hackers accessed information like names, addresses and dates of birth from most of the affected customers but could not rule out that they were also able to access some encrypted credit card information.

Marriott said it would reach out to victims of the hack and was offering support to those affected including free, one-year enrolment in WebWatcher, a service which monitors internet sites where personal data is shared.

Published in Dawn, December 1st, 2018