Marriott fined $ 123 million by UK authorities for data breach – TechCrunch



[ad_1]

The UK's data protection authority has announced that it would serve the Marriott hotel giant with a fine of £ 99 million ($ 123 million) for a data breach that has exposed up to one year. to 383 million customers.

Last year, Marriott had revealed that acquired Starwood properties had seen its central database on pirated bookings, including five million unencrypted pbadport numbers and eight million credit card registrations. . The fault went back to 2014 but was not discovered until November 2018. Later, Marriott had removed the pirated reservation system from its operations.

The Information Commissioner's Office in the United Kingdom (ICO) has stated that, according to its investigation, Marriott "failed to exercise due diligence when it purchased Starwood and should have done more to secure its systems. "

The breach affected approximately 30 million residents of the European Union, according to the OIC, which confirmed the proposed fine in a statement Tuesday.

But Marriott said it "has the right to react" before a fine is imposed and "intends to react and vigorously defend" its position.

"We are disappointed with this statement of intent by the OIC, which we will challenge," said Marriott CEO Arne Sorenson in a document filed with the US Securities and Exchange Commission. "Marriott is collaborating with the OIC throughout its investigation of the incident, which has resulted in a criminal attack against Starwood's booking database."

Under the new GDPR regime, the OIC has the right to impose a fine of up to 4% of a company's annual turnover. Given that Marriott generated revenue of approximately $ 3.6 billion in 2018, the fine imposed by the ICO represents approximately 3% of the company's total revenue.

The ICO has stated that Marriott would have the opportunity to discuss the proposed findings and sanctions.

"The ICO will carefully review the statements of the company and other relevant data protection authorities before making its final decision," said the data protection authority of the United Kingdom.

Marriott's proposed fine is in line with a $ 230 million fine imposed by the ICO on Monday as a result of the British Airways data breach. The airline confirmed that approximately 500,000 customers had their credit cards skimmed over a period of three weeks, between August and September 2018.

The researchers explained that a group of credit card thieves called Magecart was to blame.

[ad_2]
Source link