Punishment against Marriott
The Information Commissioner’s Office (ICO) has announced that a fine of £ 99.2 million will be imposed on the international hotel chain Marriott. This amount corresponds to about 110 million euros.
In 2016, the Marriott acquired the company Starwood Hotels & Resports Worldwide for about 12 billion US-Dollar. The company was integrated into the chain.
In November 2018, it became known that cybercriminals have captured data from approximately 339 million customers. The data was stolen from a database of Starwood Hotels. About 30 million records of EU citizens were affected.
In addition to data on the stay and credit card data were stolen.
Investigation of the authority
The data protection agency ICO says that the Marriott hotel chain did not adequately audit the security systems during the acquisition. Therefore, the company has culpably failed to protect its customers’ data sufficiently.
At the same time it was stressed that the company has cooperated with the authorities and has taken various measures to prevent such theft in the future.
Nevertheless, ICO announced a fine of £ 99 million. The Marriott hotel chain still has the opportunity to write an opinion before the decision becomes legally valid.
Type of Issue:
Theft of Data
Number of involved data records:
339 000 000
Special category of data involved:
Violation of GDPR Paragraph:
32. Security of processing