The FBI is investigating after the details of up to 500 million Starwood hotel guests may have been exposed when a reservation database was breached.
Information, including passport numbers, birth dates, names, addresses and phone numbers of 327 million people, has been accessed by unauthorised parties since 2014.
The payment card numbers and expiration dates of some customers may have also been taken, said Marriott, which bought Starwood in 2016.
For some guests, the information was limited to their names and sometimes other data such as mailing address, email address or other data.
Payment card numbers are encrypted using a method that requires two components to break it, the company said. "Marriott has not been able to rule out the possibility that both were taken," it added.
The breach was discovered on 8 September, when the company found that an unknown party had "copied and encrypted information, and took steps towards removing it".