The UK data protection authority will hit Marriott with a £99 million (US$123 million) fine for a breach that exposed the data of up to 383 million guests.
Last year the hotel company revealed that guests’ data was accessed, tied to a breach of the Starwood hotel guest reservation database. Of the 500 million guests impacted, around 327 million had information compromised that ranged from names to passport numbers to email addresses and Starwood account information. The company also stated that credit card data may have been compromised even though it had been encrypted.
The UK’s Information Commissioner’s Office (ICO) investigation found that Marriott “failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems,” according to Business Insider.
Marriott responded that “the company intends to respond and vigorously defend its position,” and that it “has the right to respond before any final determination is made and a fine can be issued by the ICO.”
“We are disappointed with this notice of intent from the ICO, which we will contest,” Marriott International’s president and CEO, Arne Sorenson, said in a statement. “Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database. We deeply regret this incident happened. We take the privacy and security of guest information very seriously and continue to work hard to meet the standard of excellence that our guests expect from Marriott.”
Under the general data protection regulation (GDPR), the ICO can fine up to 4 percent of a company’s annual revenue. Marriott generated about US$3.6 billion last year, so the ICO’s proposed fine is about 3% of the company’s global revenue.
This fine comes after ICO just imposed a record fine of US$230 million on British Airways for a data breach that impacted about 500,000 customers over a three-week period between August and September 2018.
Full Content: PYMNTS
Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.
Featured News
Federal Judge Orders Google to Open Android App Store Amid Antitrust Pressure
Oct 7, 2024 by
CPI
Federal Judge Greenlights FTC’s Antitrust Lawsuit Against Amazon, Tosses Some State Claims
Oct 7, 2024 by
CPI
Supreme Court Rejects Uber and Lyft’s Appeal in California Gig Worker Suits
Oct 7, 2024 by
CPI
Supreme Court Sidesteps 5-Hour Energy Pricing Case, Allowing Antitrust Claims to Proceed
Oct 7, 2024 by
CPI
Tempur Sealy and Mattress Firm Argue FTC Proceedings Are Unconstitutional in New Suit
Oct 7, 2024 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Refusal to Deal
Sep 27, 2024 by
CPI
Antitrust’s Refusal-to-Deal Doctrine: The Emperor Has No Clothes
Sep 27, 2024 by
Erik Hovenkamp
Why All Antitrust Claims are Refusal to Deal Claims and What that Means for Policy
Sep 27, 2024 by
Ramsi Woodcock
The Aspen Misadventure
Sep 27, 2024 by
Roger Blair & Holly P. Stidham
Refusal to Deal in Antitrust Law: Evolving Jurisprudence and Business Justifications in the Align Technology Case
Sep 27, 2024 by
Timothy Hsieh