Marriott has announced a massive breach of data belonging to 500 million guests who stayed at hotel brands including W, Sheraton, and Westin.

Marriott announced on Friday that it had “taken measures to investigate and address a data security incident” that stemmed from its Starwood guest authorization database.

The company said it believes that around 500 million people’s information was accessed, including an unspecified number who had their credit card details taken. It affects customers who made bookings on or before September 10, 2018.

Marriott said that this credit card information was encrypted, but that it is possible that the hackers also took the information necessary to decrypt them.

For around 367 million of those affected, Marriott said, the information taken includes some combination of their name, mailing address, phone number, email address, passport number, date of birth, gender, and other information around their Starwood account.

The company determined on November 19 that there had been unauthorized access to the Starwood database, which contained information from guests who stayed in Starwood properties on or before September 10 of this year.