Marriott faces £99.2 million fine after hack exposed 393 million hotel guest records
The UK's Information Commissioner's Office (ICO) has announced its intention to fine the US hotel group Marriott International £99.2 million (US $123 million) for a data breach that exposed the personal details of hundreds of millions of guests.
In its initial announcement in November 2018, Marriott said that the hacked Starwood guest reservation system may have held information about up to 500 million guests – although this figure was later reduced to approximately 383 million guest records.
Information stolen included names, mailing addresses, phone numbers, email addresses, Starwood Preferred Guest (“SPG”) account information, dates of birth, genders, arrival and departure information, reservation dates, and communication preferences. In addition, millions of encrypted payment card numbers and passport numbers were exposed.
During a subsequent investigation, Marriott discovered that there had been unauthorised access to the Starwood network since 2014. (Marriott acquired the Starwood Hotels group in 2016.)
And, of course, some of the data which would have been compromised by the hack would have related to customers who are based in the European Union. And it’s that European connection which means Marriott is facing a heavy penalty under the EU’s General Data Protection Regulation (GDPR).
According to the ICO, around 30 million of the hacked records related to residents of 31 countries in the European Economic Area (EEA), with seven million connected to UK residents.
The ICO says that Marriott “failed to undertake sufficient due diligence” when it bought Starwood and should have done more to secure its systems.
GDPR, which came into force last year, allows for fines of up to 20 million Euros or 4% of a company's global annual turnover – whichever is higher.
In a statement, Information Commissioner Elizabeth Denham sent a clear warning to other businesses who are careless with the personal data they hold:
“Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn't happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”
Marriott is co-operating with the ICO investigation, and has made improvements to its security since the breach was discovered. The hotel chain says it will respond to the proposed fine vigorously, in the hope that it can be reduced.
Earlier this week, the ICO announced that it was intending to fine British Airways £183 million for a breach that compromised the personal data of 500,000 customers last year.