UK Watchdog Fines Marriott £18.4m For Data Breach

The UK data protection watchdog, the Information Commissioner’s Office (ICO) has lowered its initial penalty against hotel chain Marriott International for a damaging data breach.

The “colossal” hack on Marriott International was first revealed to the world back in December 2018, and it affected the personal details and payment card data on up to 340 million people – dating right back to 2014.

The data breach actually happened when the systems of the Starwood hotels group were compromised in 2014.

Data breach

Marriott subsequently acquired Starwood in 2016, but the exposure of customer information was not discovered until 2018.

And to make matters worse, in April this year, Marriott confirmed it had suffered a second data breach, that had compromised the personal data of roughly 5.2 million guests around the world.

In July 2019 Marriot was handed a £99 million fine by the ICO for that first breach.

But now the ICO has confirmed it will fine Marriott £18.4million for “failing to keep customers’ personal data secure.”

The ICO said it had “considered representations from Marriott, the steps Marriott took to mitigate the effects of the incident and the economic impact of Covid-19 on their business before setting a final penalty.”

The ICO’s investigation “found that there were failures by Marriott to put appropriate technical or organisational measures in place to protect the personal data being processed on its systems, as required by the General Data Protection Regulation (GDPR).”

Precious data

“Personal data is precious and businesses have to look after it,” explained Information Commissioner, Elizabeth Denham. “Millions of people’s data was affected by Marriott’s failure; thousands contacted a helpline and others may have had to take action to protect their personal data because the company they trusted it with had not.”

“When a business fails to look after customers’ data, the impact is not just a possible fine, what matters most is the public whose data they had a duty to protect,” said Denham.

This is not the end of the woes for Marriott.

In August this year it was reported that Marriott is facing a class action lawsuit in the High Court in London, brought by millions of former guests demanding compensation.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Amazon Alexa Recovers After Morning Outage

Alexa wake up alarm didn't work this morning? Smart lights didn't turn on? Outage of…

2 days ago

UK, Australia Reach Cyber, Critical Tech Agreement

Australia says it will 'fight back' against nation state cyberattacks, after agreements with the UK…

2 days ago

Italian Regulator Recalculates Apple, Amazon Fines

Italian regulator admits it has redetermined the fines against Apple and Amazon, over the sale…

3 days ago

Red Cross ‘Appalled’ As Hackers Steal Humanitarian Data Of 515,000 People

A new low. International Committee of the Red Cross shuts down reunification system, after hackers…

3 days ago

Russia Proposes Ban On Cryptocurrencies, Crypto Mining

Russia's central bank has this week proposed the banning on the use and mining of…

3 days ago