The international hotel group Marriott said on Friday that hackers illegally accessed its Starwood Hotels brand’s reservation database since 2014, potentially exposing personal information on about 500 million guests, according to Reuters.
Shares of the company fell nearly 6 percent following the announcement.
The Marriott hotel group has one hotel affiliated in Bucharest but its Starwood brand is not present yet on the Romanian market.
According to Marriott, personal information compromised for 327 million guests could include passport details, phone numbers and email addresses. For some others, it could include credit card information.
The company learned about the breach after an internal security tool sent an alert on September 8. On further investigation, the hotel chain learned data had been hacked long before.
The company, which bought Starwood in 2016, said it had reported the incident to law enforcement and had begun notifying regulatory authorities.
Marriott said it would send emails to affected guests, starting Friday.
“We are still investigating the situation so we don’t have a list of specific hotels. What we do know is that it only impacted Starwood brands,” Marriott spokesman Jeff Flaherty told Reuters.
Marriott said it was too early to estimate the financial impact of the breach.
Hotel groups have of late become a target of hackers, seeking to steal information such as credit card data.
Last year, both InterContinental Hotels Group and Hyatt Hotels were victims of cyber-attacks.