Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Marriott Faces $123 Million Fine in UK for Data Breach

Marriott says it will fight a $123 million U.K. government fine related to its massive data breach.

Marriott has the right to respond to the proposed fine before a final determination is made by the U.K.’s Information Commissioner’s Office. The agency says the breach violated the European Union’s data protection regulations.

Marriott says it will fight a $123 million U.K. government fine related to its massive data breach.

Marriott has the right to respond to the proposed fine before a final determination is made by the U.K.’s Information Commissioner’s Office. The agency says the breach violated the European Union’s data protection regulations.

Marriott announced last November that data from as many as 500 million guests at its Starwood hotels may have been compromised by unauthorized access dating to 2014.

In January, the Bethesda, Maryland, company revised that figure to 323 million guests, and said around 25 million passport numbers may also have been compromised. Marriott has alerted affected guests.

In a statement issued Tuesday, the Information Commissioner’s Office said the breach affected 30 million European residents, including 7 million in the U.K. The agency found that Marriott failed to perform sufficient due diligence when it bought Starwood in 2016. It also said Marriott should have done more to secure its systems.

The Information Commissioner’s Office noted that Marriott has made improvements to its system since the breach was discovered.

In a statement, Marriott President and CEO Arne Sorenson said the company has assisted the Information Commissioner’s Office with its investigation. He said the breach was the result of a criminal attack.

“We are disappointed with this notice of intent from the ICO, which we will contest,” Sorenson said in a statement.

Advertisement. Scroll to continue reading.

Marriott shares fell 1.5% to $139.20 in afternoon trading.

This is the second large fine announced by the Information Commissioner’s Office this week. On Monday, the agency proposed a $229 million fine against British Airways over a data breach that affected 500,000 customers. If that fine holds, it will be the largest levied yet under new, tougher European Union data protection regulations.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

Dan Pagel has been named the new CEO of risk management and remediation firm Brinqa.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.