Marriot disclosed a massive breach of data from 500 million customers in late November.
Guests staying at any of the Starwood brand's hotels, including W Hotels, St. Regis, Sheraton, Westin, Element, and Aloft, on or before September 10, had their data exposed.
Exposed information included names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, gender, and other Starwood account information.
Encrypted credit-card information was also exposed, and, potentially, the key to decrypt it.
"Marriott reported this incident to law enforcement and continues to support their investigation," the company said at the time. "The company has already begun notifying regulatory authorities."
Arne Sorenson, Marriott's president and CEO, said: "We deeply regret this incident happened."