A $ 123 million fine is imposed on Marriott after a serious data breach revealed the personal data of 339 million hotel guests

• The Office of the UK Information Commissioner (ICO) is considering amending the Marriott International hotel giant£99 million (about $ 123 million) for a data breach that exposed sensitive data of 339 million guests.
• The breach occurred in 2014 in the database of the hotel company Starwood. Marriott inherited the undetected breach when it acquired Starwood in 2016. Marriott discovered the breach in November 2018.
• The Office of the Information Commissioner stated that Marriott had not demonstrated due diligence required when buying Starwood.
• Marriott intends to defend its position against the fine.

The Office of the Information Commissioner of the United Kingdom (ICO) announced Tuesday its intention to amend the Marriott International Hotel giant£99 million (about $ 123 million) for a data breach that exposed sensitive data of 339 million guests.

The ICO said Marriott had "failed to exercise due diligence when it purchased Starwood and should have done more to secure its systems" as part of its investigation of the violation. The intention of the ICO to fine Marriott is based on "breaches of the General Data Protection Regulations (GPR)".

The incident occurred in 2014 when the database of the Starwood hotel company was violated. Marriott bought Starwood in 2016 and inherited the undetected breach until November 2018.

The violation exposed sensitive customer data, including combinations of names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, date of birth, gender, start and departure information. arrival, booking dates and communication preferences. Some encrypted payment card numbers and expiry dates were also exposed, but the company did not confirm whether this payment information was secure because of its encryption in its initial November statement.

Marriott International said that "the company intends to respond and vigorously defend its position" and that she "has the right to respond before any final determination and that a fine may be imposed by l & # 39; ICO ".

"We are disappointed with this statement of intent by the ICO, which we will challenge," said Marriott International President and CEO Arne Sorenson in a statement. "Marriott cooperated with the OIC throughout its investigation into the incident, which involved a criminal attack on the Starwood Reservation Database, and we deeply regret this incident." We take confidentiality very seriously and the security of customer information and continue to work hard to achieve the level of excellence that our customers expect from Marriott. "

According to its guidelines, the GDPR may impose fines of up to 4% of a company 's previous year' s global annual business turnover.

See also: