UK Watchdog Fines Marriott £18.4m For Data Breach

The UK data protection watchdog, the Information Commissioner’s Office (ICO) has lowered its initial penalty against hotel chain Marriott International for a damaging data breach.

The “colossal” hack on Marriott International was first revealed to the world back in December 2018, and it affected the personal details and payment card data on up to 340 million people – dating right back to 2014.

The data breach actually happened when the systems of the Starwood hotels group were compromised in 2014.

Data breach

Marriott subsequently acquired Starwood in 2016, but the exposure of customer information was not discovered until 2018.

And to make matters worse, in April this year, Marriott confirmed it had suffered a second data breach, that had compromised the personal data of roughly 5.2 million guests around the world.

In July 2019 Marriot was handed a £99 million fine by the ICO for that first breach.

But now the ICO has confirmed it will fine Marriott £18.4million for “failing to keep customers’ personal data secure.”

The ICO said it had “considered representations from Marriott, the steps Marriott took to mitigate the effects of the incident and the economic impact of Covid-19 on their business before setting a final penalty.”

The ICO’s investigation “found that there were failures by Marriott to put appropriate technical or organisational measures in place to protect the personal data being processed on its systems, as required by the General Data Protection Regulation (GDPR).”

Precious data

“Personal data is precious and businesses have to look after it,” explained Information Commissioner, Elizabeth Denham. “Millions of people’s data was affected by Marriott’s failure; thousands contacted a helpline and others may have had to take action to protect their personal data because the company they trusted it with had not.”

“When a business fails to look after customers’ data, the impact is not just a possible fine, what matters most is the public whose data they had a duty to protect,” said Denham.

This is not the end of the woes for Marriott.

In August this year it was reported that Marriott is facing a class action lawsuit in the High Court in London, brought by millions of former guests demanding compensation.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

11 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

13 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

15 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

16 hours ago