
Marriott hotel chain fined $123 million for major data breach

The Marriott hotel chain has become the second largest company to face a severe penalty for non-compliance with the GDPR.

The British regulator, the Information Commissioner’s Office (ICO), announced a fine of £99 million ($123 million) for a data leak which occurred in 2018.

«The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected», said British Information Commissioner Elizabeth Denham.

This data leak was discovered in November 2018, when the company revealed a compromise of the database of its subsidiary Starwood Hotels.

The records of about 339 million guests fell into the hands of attackers. The database included guest names, postal addresses, telephone numbers, email addresses, dates of birth, field information, arrival and departure information, booking dates and so on, as well as the data of 8.6 million bank cards.


An internal investigation showed that attackers had had access to the system since 2014. The ICO investigation found that Marriott did not carry out adequate checks when buying Starwood and did not properly protect its system.

«Personal data has a real value so organizations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public», Elizabeth Denham said in an official statement.

However, there is an opinion that cybercriminals associated with the Chinese government could be responsible for the cyberattack on the Marriott hotel chain, during which the personal data of 500 million users was stolen.

Additionally, the other day it became known that the UK Information Commissioner’s Office fined British Airways, the country’s largest airline, for non-compliance with the GDPR. The fine was a record £183 million.

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
