Skip to main content
  1. Home
  2. Computing
  3. News

Marriott faces $123M fine for huge data breach that targeted millions of guests

Add as a preferred source on Google

Marriott International is facing a fine of 99 million British pounds (about $123 million) for a data breach discovered in 2018 that affected around 339 million of its Starwood guests.

The hefty financial penalty has been proposed by the United Kingdom’s Information Commissioner’s Office (ICO) and comes a day after the same body hit British Airways with a record $230 million fine for a data breach suffered by the carrier last year.

Recommended Videos

The large size of the fines has much to do with new powers linked to the E.U.’s General Data Protection Regulation (GDPR) that came into force in 2018. It means that businesses can be fined up to 20 million euros (about $22.4 million) or up to 4% of the company’s annual global turnover, whichever is greater. In this case, the fine represents about 3% of Marriott’s 2018 revenue.

The data breach targeted a guest reservation system operated by Starwood, a hotel and leisure company that Marriott acquired in 2016. It’s believed to have started in 2014, but was only discovered last year.

Hackers were able to steal a huge variety of personal data from guests, including a combination of names, addresses, birth dates, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, arrival and departure information, reservation dates, and encrypted payment card numbers.

It’s estimated that around 339 million guests globally were caught up in the breach, with 30 million of them living in the E.U.

A report issued by the ICO on Tuesday, July 9, said Marriott had failed to undertake sufficient due diligence when it acquired Starwood, adding that the hotel giant should have done more to secure its systems.

“The GDPR makes it clear that organizations must be accountable for the personal data they hold,” Information Commissioner Elizabeth Denham commented. “Personal data has a real value, so organizations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”

Responding to the proposed fine, Marriott International’s president, Arne Sorenson, said: “We are disappointed with this notice of intent from the ICO, which we will contest. Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database.”

Sorenson added: ”We deeply regret this incident happened. We take the privacy and security of guest information very seriously and continue to work hard to meet the standard of excellence that our guests expect from Marriott.”

The move toward stiffer financial penalties for data breaches will be of major concern to businesses both big and small, though if the higher fines prompt companies to review their cyber defenses and make improvements where necessary, then customers everywhere will benefit.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
South Korea wants to give every citizen free, unlimited access to its own AI chatbot
The government-backed service could turn generative AI into public infrastructure instead of another monthly subscription
Electronics, Mobile Phone, Phone

South Korea wants to give every citizen free access to an AI chatbot with no usage limits. That puts the technology closer to a public utility than another premium service demanding a monthly subscription.

The Ministry of Science and ICT announced the AI for Everyone project on July 13. Private companies will build the platform around locally developed models, while a separate AI agent will help people navigate government services. It’s a more practical job than generating emails or settling arguments nobody wanted to research themselves.

Read more
Falling in love with a chatbot is now off limits for kids in China
The crackdown targets emotional AI relationships as regulators worry about the country's record low birthrate.
Replika AI companion app on an iPhone in hand

Ever since AI chatbots arrived on the scene, there has been one aspect that has worried lawmakers and experts a lot: humans forming emotional connections with chatbots. There have been plenty of cases where over-reliance on these AI companions or partners has resulted in medical emergencies, lost lives, and triggered multiple lawsuits against the likes of OpenAI and Meta.

China cracks down on AI companion apps

Read more
Russian hackers keep finding their way into critical networks through neglected routers
A multinational warning says outdated firmware, weak passwords, and insecure settings are giving state-backed attackers an easy opening
A Wi-Fi router next to a laptop.

Russian state-backed hackers have spent more than a decade exploiting a stubborn weakness in critical infrastructure networks. Organizations are still leaving poorly configured and outdated routers exposed to the internet.

In a joint cybersecurity advisory, the NSA, CISA, FBI, and international partners warn that hackers linked to Center 16 of Russia’s Federal Security Service are continuing to target vulnerable networking equipment. Energy, healthcare, and government networks are among the sectors facing the highest risk.

Read more