The hotel chain asked guests checking in for a treasure trove of personal information: credit cards, addresses and sometimes passport numbers. On Friday, consumers learned the risk. Marriott International revealed that hackers had breached its Starwood reservation system and had stolen the personal data of up to 500 million guests.

The assault started as far back as 2014, and was one of the largest known thefts of personal records, second only to a 2013 breach of Yahoo that affected three billion user accounts and larger than a 2017 episode involving the credit bureau Equifax.

The intrusion was a reminder that after years of headline-grabbing attacks, the computer networks of big companies are still vulnerable.

The Starwood attack happened roughly the same time as a number of other breaches at American health insurers and government agencies, including the United States Office of Personnel Management, in what security research firms and government officials described as an effort to compile a vast database of personal information on potential espionage targets.