SecurityWeek

Marriott Faces $123 Million Fine in UK for Data Breach

Marriott says it will fight a $123 million U.K. government fine related to its massive data breach.

Marriott has the right to respond to the proposed fine before a final determination is made by the U.K.’s Information Commissioner’s Office. The agency says the breach violated the European Union’s data protection regulations.

Marriott announced last November that data from as many as 500 million guests at its Starwood hotels may have been compromised by unauthorized access dating to 2014.

In January, the Bethesda, Maryland, company revised that figure to 323 million guests, and said around 25 million passport numbers may also have been compromised. Marriott has alerted affected guests.

In a statement issued Tuesday, the Information Commissioner’s Office said the breach affected 30 million European residents, including 7 million in the U.K. The agency found that Marriott failed to perform sufficient due diligence when it bought Starwood in 2016. It also said Marriott should have done more to secure its systems.

The Information Commissioner’s Office noted that Marriott has made improvements to its system since the breach was discovered.

In a statement, Marriott President and CEO Arne Sorenson said the company has assisted the Information Commissioner’s Office with its investigation. He said the breach was the result of a criminal attack.

“We are disappointed with this notice of intent from the ICO, which we will contest,” Sorenson said in a statement.

Marriott shares fell 1.5% to $139.20 in afternoon trading.

This is the second large fine announced by the Information Commissioner’s Office this week. On Monday, the agency proposed a $229 million fine against British Airways over a data breach that affected 500,000 customers. If that fine holds, it will be the largest levied yet under new, tougher European Union data protection regulations.
