Marriott to be fined £99m for massive data breach
Hotel giant Marriott International is to be fined £99m following a massive data breach which came to light last year.
The Information Commissioner’s Office (ICO) said the personal information of 339 million customers was compromised and today issued a notice of its intention to fine the US hotel group.
It comes just days after the ICO issued a £183m fine to British Airways for the theft of customer data from its website last year.
The IT systems of Starwood Hotels were hacked in 2014, before Marriott acquired the hotel group in 2016, but the data breach was not discovered until last year.
The ICO’s investigation found that Marriott “failed to undertake sufficient due diligence” when it bought Starwood and should have done more to secure its systems and issued the fine for “infringements of the General Data Protection Regulation (GDPR)”.
Around seven million British customers were affected by the breach and 30 million were based in Europe.