Receive our newsletter – data, insights and analysis delivered to you
  1. News
November 2, 2020

UK watchdog fines Marriott International for data breach

The UK's data privacy watchdog Information Commissioner’s Office (ICO) has fined Marriott International £18.4m for a major data breach.

The UK’s data privacy watchdog Information Commissioner’s Office (ICO) has fined Marriott International £18.4m for a major data breach.

The penalty is related to a cyber-attack that hit Starwood Hotels and Resorts Worldwide in 2014. This hotel group was acquired by Marriott in 2016.

The data breach, which is estimated to have compromised personal details of around 339 million guests, remained undetected until September 2018.

An ICO investigation found that Marriott failed to implement appropriate technical or organisational measures to protect these personal data in compliance with the General Data Protection Regulation (GDPR).

However, the penalised amount, which has been imposed on Marriott, considered the period from 25 May 2018, when GDPR became effective.

The investigation was carried by ICO on behalf of all European Union (EU) authorities, as the incident happened when the UK was part of the EU.

Content from our partners
Untapped: How Turks and Caicos is primed for tourism investment
Untapped: How Turks and Caicos is primed for tourism investment
LG smart hospitality solutions in a post-COVID era

In a statement, Information Commissioner Elizabeth Denham said: “Millions of people’s data was affected by Marriott’s failure; thousands contacted a helpline and others may have had to take action to protect their personal data because the company they trusted it with had not.

“When a business fails to look after customers’ data, the impact is not just a possible fine, what matters most is the public whose data they had a duty to protect.”

The statement also added that Marriott acted promptly on the incident and took prompt action to minimise the risk of damage.

Separately, Marriott International also acknowledged the ICO decision and said that the company ‘deeply regrets the incident’.

Related Companies

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. The top stories of the day delivered to you every weekday.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU