The Marriott hotel chain has suffered a data breach of its guest reservation database for the Starwood division.
The records of 500 million customers have been compromised, with information for about 327 million guests containing "some combination" of name, mailing address, phone number, email address, passport number, account information, date of birth, gender, and arrival and departure information," according to the company.
It said some records also included encrypted payment card information, but it could not rule out the possibility that the encryption keys had also been stolen.
Marriott said it would notify customers whose records were in the database.
In a statement Marriott said: "We deeply regret this incident happened.
"Marriott reported this incident to law enforcement and continues to support their investigation. The company has already begun notifying regulatory authorities."
The UK's Information Commissioner's Office said: "We have received a data breach report from Marriott involving its Starwood Hotels and will be making enquiries. If anyone has concerns about how their data has been handled they can report these concerns to us."
For more features and breaking news sign up to C&IT Magazine's daily Newstracker here.
Have you registered with us yet?
Register now to enjoy more articles
and free email bulletins.