The UK’s data privacy regulator has plans to fine the US hotel group Marriott International £99.2 million.
The fine relates to a data breach which resulted in 339 million guests having their personal details exposed to criminals. The incident dates back to 2014 but was only found in 2018.
Marriott International’s president, Arne Sorenson, said: “We are disappointed with this notice of intent from the ICO, which we will contest. Marriott has been co-operating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database.
“We deeply regret this incident happened. We take the privacy and security of guest information very seriously and continue to work hard to meet the standard of excellence that our guests expect from Marriott.”
The Information Commissioner’s Office (ICO) said Marriott failed to properly data practices and should have done more to secure its systems.
Security company CyberInt’s lead researcher Jason Hill said: “The draconian fines.. are a wake-up call to all organisations, big and small.”
“Although this may come as a blow to a company such as BA or Marriott, they are robust enough to weather the storm. A smaller organisation suffering a serious breach could find itself overwhelmed by any penalty which, when combined with the loss of consumer confidence and the associated reputational damage -with devastating consequences for its business.”
