The New York Attorney General has opened an investigation into a Marriott Hotel data breach that may have affected 500 million guests.
the case is potentially one of the largest breaches of consumer data ever.
The hotel chain says an internal investigation has found an attacker had been able to access its guest reservation database since 2014 and had copied and encrypted information.
The world's largest hotel chain said it first received an alert in September from an internal security tool of an attempt to breach the database.
Marriott said it determined on Nov. 19 that the information was from its Starwood database.
"The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property," the company said in a statement.
For about 327 million of the guests, it added, the information includes some combination of a name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
There are some customers who may have also had their credit card information taken. While that data would have been encrypted, Marriott said it can't rule out the information may have been decoded.
UK editor at TechRepublic, Steve Ranger told Euronews how worried customers should be: