Marriott faces $123 million UK fine over data breach

Marriott might soon face a stiff penalty for the massive November 2018 data breach. The UK’s Information Commissioner’s Office plans to fine the hotel chain £99,200,396 (about $123.7 million) for allegedly violating the EU’s General Data Protection Regulation through the incident. Marriott didn’t conduct “sufficient due diligence” when it bought Starwood, according to the regulator, and “should also have done more” to improve security.

Starwood’s systems were compromised as early as 2014, but Marriott didn’t disclose the breach until 2018, two years after it completed the takeover of Starwood. It’s now estimated that about 339 million guests were exposed, 30 million of them in the European Economic Area and 7 million of them in the UK. Over 5 million unencrypted passport numbers were affected by the intrusion.

While the ICO said Marriott had cooperated with the investigation and improved its security since the breach, the regulator won’t get to fine the hotel giant without a fight. Marriott said in a statement that it was “disappointed” with the outcome and intended to “contest” the potential fine. It might not earn much sympathy from officials, though. The ICO has already signaled plans to fine British Airways $230 million for a data breach, and that was for a two-week period. It’s not likely to go easy on Marriott when the company theoretically had years to detect and address a security concern.

source: Engadget.com by Jon Fingas
