
Marriott faces £99.2 million fine after hack exposed 393 million hotel guest records

Graham CLULEY

July 10, 2019


The UK’s Information Commissioner’s Office (ICO) has announced its intention to fine the US hotel group Marriott International £99.2 million (US $123 million) for a data breach that exposed the personal details of hundreds of millions of guests.

In its initial announcement in November 2018, Marriott said that the hack of its Starwood guest reservation system may have held information about up to 500 million guests – although this figure was later reduced to approximately 383 million guest records.

Information stolen included names, mailing addresses, phone numbers, email addresses, Starwood Preferred Guest (“SPG”) account information, dates of birth, genders, arrival and departure information, reservation dates, and communication preferences. In addition, millions of encrypted payment card numbers and passport numbers were exposed.

During a subsequent investigation, Marriott discovered that there had been unauthorised access to the Starwood network since 2014. (Marriott acquired the Starwood Hotels group in 2016.)

And, of course, some of the data which would have been compromised by the hack would have related to customers who are based in the European Union. And it’s that European connection which means Marriott is facing a heavy penalty under the EU’s General Data Protection Regulation (GDPR).

According to the ICO, around 30 million of the hacked records related to residents of 31 countries in the European Economic Area (EEA), with seven million connected to UK residents.

The ICO says that Marriott “failed to undertake sufficient due diligence” when it bought Starwood and should have done more to secure its systems.

GDPR, which came into force last year, allows for fines of up to 20 million Euros or 4% of a company’s global annual turnover – whichever is higher.

In a statement, Information Commissioner Elizabeth Denham sent a clear warning to other businesses who are careless with the personal data they hold:

“Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”

Marriott is co-operating with the ICO investigation, and has made improvements to its security since the breach was discovered. The hotel chain says it will respond to the proposed fine vigorously, in the hope that it can be reduced.

Earlier this week, the ICO announced that it was intending to fine British Airways £183 million for a breach that compromised the personal data of 500,000 customers last year.
