In another example that shows all companies are at threat from hackers, another major brand has been breached. Marriott International, a major hotel chain, confirmed Friday it has suffered a data breach. The company says hackers illegally and successfully gained access to its Starwood Hotels subsidiary.

As we know data breaches happen, but Marriott International admits this one was very serious. Indeed, the company says hackers have enjoyed access to Starwood Hotels since 2014. Over the four years since, the personal information of around 500 million guests may have been exposed.

Of course, a lot of people have stayed in Starwood hotels since 2014. While Marriott cannot say how many people are affected, the number is surely in the hundreds of millions.

The company says around 327 million guests had personal information including passport details, email addresses, physical addresses, and phone numbers. Furthermore, many users also may have had credit card details exposed.

Markets reacted to the news and Marriott International shares fell nearly 6% and were trading at $115 before close.

IT teams within the organization discovered the breach through an internal security check on September 8. The company later found that the breach occurred long before and had been active for years.

Long Game

It is worth noting that the attack occurred and was ongoing before Marriott International acquired Starwood in 2016. After discovering the breach, the company notified authorities and regulatory bodies around the world.

As for effected guests, the company did not put a specific figure on the breach. However, Marriott says it will contact those affected via email.

“We are still investigating the situation, so we don’t have a list of specific hotels. What we do know is that it only impacted Starwood brands,” Marriott spokesman Jeff Flaherty told Reuters.