Marriott says hackers have managed to access the personal data of 500 million of its hotel guests over a four year period. The compromised data includes email addresses, passport numbers, and credit card information. The world’s largest hotel chain announced the data breach last Friday, in what people are calling the worst cyber hack attack to date.

Hackers have been lurking on networks owned by Marriot for years and managed to go undetected since 2014. Those four years of access to Marriott’s cyber networks allowed the hackers to remain in the networks and escalate taking control while pulling guest information. Marriott discovered these hacks in early September yet waited 3 months before announcing its findings to the public. Marriott reports that they brought in outside experts and stopped any further removal of information from their networks. Marriott international is the parent company of Starwood hotels which owns a number of different chains of hotels. The breach also affects hotel chains such as Sheraton, Westin, Elements Aloft, W Hotels, St. Regis, Four points, La Meridien, and the Starwood branded timeshare properties. Canadian hotels have also been affected by the data breach.

Security experts say that, in a worst case scenario, the breaches of passports could create a larger security crisis allowing criminals to create false passports to enter the country. Hackers could also open financial accounts using the data taken from passports. Hours after announcing the data breach on Friday, two Oregon men sued Marriott for exposing their data. Their lawsuit was followed hours later by another one filed in the state of Maryland. Hackers gaining access to personal information of guests has caused many people to question the decision making of Marriott in handling the situation. This breach is one of many that have affected companies worldwide, as hackers around the world continue to steal people’s information. Marriott has issued an apology and plans to rectify the situation as soon as possible.