UK Watchdog Fines Marriott £18.4m For Data Breach

The UK data protection watchdog, the Information Commissioner’s Office (ICO) has lowered its initial penalty against hotel chain Marriott International for a damaging data breach.

The “colossal” hack on Marriott International was first revealed to the world back in December 2018, and it affected the personal details and payment card data on up to 340 million people – dating right back to 2014.

The data breach actually happened when the systems of the Starwood hotels group were compromised in 2014.

Data breach

Marriott subsequently acquired Starwood in 2016, but the exposure of customer information was not discovered until 2018.

And to make matters worse, in April this year, Marriott confirmed it had suffered a second data breach, that had compromised the personal data of roughly 5.2 million guests around the world.

In July 2019 Marriot was handed a £99 million fine by the ICO for that first breach.

But now the ICO has confirmed it will fine Marriott £18.4million for “failing to keep customers’ personal data secure.”

The ICO said it had “considered representations from Marriott, the steps Marriott took to mitigate the effects of the incident and the economic impact of Covid-19 on their business before setting a final penalty.”

The ICO’s investigation “found that there were failures by Marriott to put appropriate technical or organisational measures in place to protect the personal data being processed on its systems, as required by the General Data Protection Regulation (GDPR).”

Precious data

“Personal data is precious and businesses have to look after it,” explained Information Commissioner, Elizabeth Denham. “Millions of people’s data was affected by Marriott’s failure; thousands contacted a helpline and others may have had to take action to protect their personal data because the company they trusted it with had not.”

“When a business fails to look after customers’ data, the impact is not just a possible fine, what matters most is the public whose data they had a duty to protect,” said Denham.

This is not the end of the woes for Marriott.

In August this year it was reported that Marriott is facing a class action lawsuit in the High Court in London, brought by millions of former guests demanding compensation.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Foxconn Moves Some Apple Production To Vietnam

Foxconn is reportedly moving the manufacturing of some iPads and Macbooks out of China to…

16 hours ago

Trump Administration Grants ByteDance TikTok Sale Extension

ByteDance granted seven day extension by Trump administration of TikTok sale order to new company…

17 hours ago

Amazon Web Services Restored After Outage

Amazon's cloud service on Wednesday suffered a widespread outage impacting parts of the Internet, but…

19 hours ago

Coronavirus Pandemic Impacts Full Fibre Broadband Rollout

Government finances are hurting. Delay to ambitious plan to roll out gigabit broadband to every…

20 hours ago

Bristol City Council Data Breach Revealed Names Of Disabled Children

Mass email from the council contained the names and email addresses of children with special…

2 days ago