Marriott faces $123 million GDPR fine in the UK for last year's data breach


Marriott is being fined a day after the ICO announced a $230 million GDPR fine for British Airways.

The UK's ICO intends to fine the international hotel chain Marriott £99,200,396 ($123,705,870) for last year's data breach.

Marriott revealed in November 2018 that hackers had been accessing its guest booking database since 2014. Initially, the firm said hackers stole information on around 500 million hotel guests; the hotel chain later corrected the figure to 383 million after a thorough investigation. The company reported the figures.

According to the post-mortem of the hack, the hackers stole: 383 million guest reports; 18,5 million encrypted passport numbers; 5,25,000 million non-encrypted passport numbers; 9,1 million encrypted payment card names; and 385,000 card numbers still valid at the time of the breach.

Now the ICO says that it intends to finally fine Marriott for violations of the EU's General Data Protection Regulation (GDPR).


“The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.

“Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.” 

Marriott said today, in a formal filing with the United States Securities and Exchange Commission, that it intends to appeal the ICO's fine.

“We’re disappointed with the ICO’s statement, which we’ll challenge,” said Arne Sorenson, President and CEO of Marriott International.

“We deeply regret this incident that has happened. We take guest information privacy and security very seriously, and continue to work hard to meet the standard of excellence that Marriott has been anticipating for our guests.”

This is the ICO's second announcement of plans to fine a large organization for a GDPR infringement. The ICO announced yesterday that British Airways will receive a £183 million ($230 million) fine after it failed to protect its website, which was infected with a web card skimmer that collected BA customers' payment details.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.