About 327 million guests had a combination of name, mailing address, phone number, email, passport number, Starwood Preferred Guest information, birthday and gender accessed by the hackers, Reuters reported.
Reuters reported Marriott International said the unauthorized access started in 2014 and that the hackers copied and encrypted information.
Marriott bought Starwood in 2016.
Company officials said they have contacted law enforcement and have started to notify regulatory authorities, Bloomberg reported.
"We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward," Chief Executive Arne Sorenson said via a press release to The Wall Street Journal.