UK Watchdog Fines Marriott £18.4m For Data Breach

The UK data protection watchdog, the Information Commissioner’s Office (ICO) has lowered its initial penalty against hotel chain Marriott International for a damaging data breach.

The “colossal” hack on Marriott International was first revealed to the world back in December 2018, and it affected the personal details and payment card data on up to 340 million people – dating right back to 2014.

The data breach actually happened when the systems of the Starwood hotels group were compromised in 2014.

Data breach

Marriott subsequently acquired Starwood in 2016, but the exposure of customer information was not discovered until 2018.

And to make matters worse, in April this year, Marriott confirmed it had suffered a second data breach, that had compromised the personal data of roughly 5.2 million guests around the world.

In July 2019 Marriot was handed a £99 million fine by the ICO for that first breach.

But now the ICO has confirmed it will fine Marriott £18.4million for “failing to keep customers’ personal data secure.”

The ICO said it had “considered representations from Marriott, the steps Marriott took to mitigate the effects of the incident and the economic impact of Covid-19 on their business before setting a final penalty.”

The ICO’s investigation “found that there were failures by Marriott to put appropriate technical or organisational measures in place to protect the personal data being processed on its systems, as required by the General Data Protection Regulation (GDPR).”

Precious data

“Personal data is precious and businesses have to look after it,” explained Information Commissioner, Elizabeth Denham. “Millions of people’s data was affected by Marriott’s failure; thousands contacted a helpline and others may have had to take action to protect their personal data because the company they trusted it with had not.”

“When a business fails to look after customers’ data, the impact is not just a possible fine, what matters most is the public whose data they had a duty to protect,” said Denham.

This is not the end of the woes for Marriott.

In August this year it was reported that Marriott is facing a class action lawsuit in the High Court in London, brought by millions of former guests demanding compensation.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Colonial Pipeline Paid Ransomware Criminals $5m – Report

Multiple US media outlets report that DarkSide criminal gang has been paid $5 million after…

6 hours ago

Ireland Shuts Down Health IT System After Ransomware Attack

The health service in Ireland has suffered a 'significant ransomware attack' and has shut down…

7 hours ago

Price For Microsoft Surface Duo Slashed In US

Another Microsoft phone failure? Seven months after Redmond's dual screen smartphone device went on sale,…

8 hours ago

NHS Covid-19 App Saved Up To 8,700 Lives, Says Research Paper

NHS contact tracing app used in England and Wales during Coronavirus pandemic saved thousands of…

24 hours ago

Google Cloud, SpaceX Sign Deal For Enterprise Cloud Services

Elon Musk's SpaceX is to deliver Google Cloud services to enterprises at the 'network edge',…

1 day ago

Google Fined 100 Million Euros By Italian Antitrust Regulator

Stiff penalty imposed by Italian watchdog over Google's alleged decision to restrict access of one…

1 day ago