July 10, 2019
Marriott International Inc. faces a $123.7 million (99 million British pounds) fine from U.K. regulators over the massive 2018 data breach involving personal information of more than 339 million hotel guests.
The U.K. Information Commissioner's Office said it will levy the fine as the hotel company violated the General Data Protection Regulation, according to a release from the agency. Of the 339 million guests impacted by the breach, about 30 million lived in 31 countries belonging to the European Economic Area and 7 million of the guests were U.K. residents.
Officials said the breach is believed to stem from a vulnerability within the Starwood Hotels and Resorts system, which Marriott acquired in 2016. The breach was believed to have started in 2014, but was not discovered until 2018, according to the release. The ICO investigation found that Marriott failed to undertake the necessary amount of due diligence.
"The GDPR makes it clear that organizations must be accountable for the personal data they hold," Information Commissioner Elizabeth Denham said in the announcement. "This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but how it is protected."
The ICO said that Marriott has cooperated with the investigation and has taken steps to improve its internal security.