Marriott International, the world’s largest hotel chain, announced Friday that the private data of up to 500 million Starwood customers, including contact details and potentially credit card information, was compromised. Starwood merged with Marriott in 2016 and owns Sheraton and Westin hotels, among other brands.

Following a company-wide database assessment, Marriott concluded on November 19 the breach occurred on Starwood’s network and that unauthorized activity has taken place on its servers since 2014, which included duplicating and encrypting data.

“The company has not finished identifying duplicate information in the database, but believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property,” the Bethesda, Maryland-based company said in a statement. 

Marriott said roughly 327 million guests had their names, phone number, email addresses, along with passport numbers were illegally obtained in the breach. “There are some customers who may have also had their credit card information taken. While that data would have been encrypted, Marriott said it can’t rule out the information may have been decoded,” NBC News reports.

According to ABC News, the hotel giant has experienced a variety of issues with its guest loyalty programs after Marriott acquired Starwood for $13 billion in 2016.

The hotel chain has launched a customer service website and call center dedicated to customers impacted by the breach.