Marriott faces $123M fine for huge data breach that targeted millions of guests

Marriott International is facing a fine of 99 million British pounds (about $123 million) for a data breach discovered in 2018 that affected around 339 million of its Starwood guests.

The hefty financial penalty has been proposed by the United Kingdom’s Information Commissioner’s Office (ICO) and comes a day after the same body hit British Airways with a record $230 million fine for a data breach suffered by the carrier last year.

The large size of the fines has much to do with new powers linked to the E.U.’s General Data Protection Regulation (GDPR) that came into force in 2018. It means that businesses can be fined up to 20 million euros (about $22.4 million) or up to 4% of the company’s annual global turnover, whichever is greater. In this case, the fine represents about 3% of Marriott’s 2018 revenue.

The data breach targeted a guest reservation system operated by Starwood, a hotel and leisure company that Marriott acquired in 2016. It’s believed to have started in 2014, but was only discovered last year.

Hackers were able to steal a huge variety of personal data from guests, including a combination of names, addresses, birth dates, phone numbers, email addresses, passport numbers, Starwood Preferred Guest account information, arrival and departure information, reservation dates, and encrypted payment card numbers.

It’s estimated that around 339 million guests globally were caught up in the breach, with 30 million of them living in the E.U.

A report issued by the ICO on Tuesday, July 9, said Marriott had failed to undertake sufficient due diligence when it acquired Starwood, adding that the hotel giant should have done more to secure its systems.

“The GDPR makes it clear that organizations must be accountable for the personal data they hold,” Information Commissioner Elizabeth Denham commented. “Personal data has a real value, so organizations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”

Responding to the proposed fine, Marriott International’s president, Arne Sorenson, said: “We are disappointed with this notice of intent from the ICO, which we will contest. Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database.”

Sorenson added: “We deeply regret this incident happened. We take the privacy and security of guest information very seriously and continue to work hard to meet the standard of excellence that our guests expect from Marriott.”

The move toward stiffer financial penalties for data breaches will be of major concern to businesses both big and small, though if the higher fines prompt companies to review their cyber defenses and make improvements where necessary, then customers everywhere will benefit.

Trevor Mogg
Contributing Editor