Marriot International hit with £99m fine for data loss

Leading US hotel chain Marriot International faces a massive financial penalty for a data breach that affected hundreds of millions of people. Earlier this week it was announced that British Airways is also facing an eye watering penalty of £183.39 million for a data breach last year that affected half a million customers.

by Patrick Sullivan, Political Editor on 12 July 2019 07:27


The European Union’s controversial General Data Protection (GDPR) legislation claimed two victims this week, with intentional fines totally hundreds of millions being issued to a major hotel chain and airline. The Information Commissioner’s Office (ICO), the UK enforcement arm of the GDPR, announced its decision to fine the Marriott Hotel chain more than £99 million in a statement of intent issued yesterday.

The announcement said: “Following an extensive investigation the ICO has issued a notice of its intention to fine Marriott International £99,200,396 for infringements of the General Data Protection Regulation (GDPR).” According to the ICO said that data breach happened when the systems of the Starwood hotels group were compromised back in 2014.

Marriott then acquired Starwood in 2016, but the exposure of customer information was not discovered until 2018. The ICO’s investigation said that Marriott failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.

Tim Dunton, MD of Nimbus Hosting said: “Two monumental fines over the course of two days for breaking GDPR guidelines shows the ICO are really starting to take these breaches of security seriously – as they should be. Businesses must begin to understand the power they have when collecting and storing customer data and must face severe consequences when they fail to properly secure this.

Dunton continued, “Website security must be the biggest concern for businesses who store personal customer information and they have to begin to ensure they are using a secure system to host their websites.”

blog comments powered by Disqus