Marriott data breach fine slashed to £18.4 million by UK regulator

ICO initially fined Marriott International £99.2 million
Fine massively reduced in part due to COVID-19’s impact on hotel industry

Marriott International has been fined £18.4 million (US $23.8 million) for its failure to adequately protect the personal records of 339 million guests.


The fine, imposed by the UK data regulator, the Information Commissioner’s Office (ICO), is a massive 81% less than the £99.2 million fine originally imposed upon the hotel group last year.


It is now two years since Marriott warned the public that hackers had managed to gain unauthorised access to the Starwood guest reservation database since 2014, exposing guests’ names, mailing addresses, phone numbers, email addresses, Starwood Preferred Guest (“SPG”) account information, dates of birth, genders, arrival and departure information, reservation dates, and communication preferences. In addition, millions of encrypted payment card numbers and passport numbers were also breached.


The hackers continued to exfiltrate sensitive data from the system after Marriott acquired Starwood in 2016, continuing to steal personal data unnoticed by Marriott until 2018.


At the time, the breach was described as the second-biggest data breach in history.


The ICO determined that Marriott “failed to undertake sufficient due diligence” when it bought Starwood and should have done more to secure its systems from cybercriminals, but has now dramatically reduced the fine it is imposing on the international company.


Why the massive reduction from £99.2 million to £18.4 million? According to the ICO, it has now taken into account steps Marriott has taken to mitigate the effects of the incident and the economic impact COVID-19 has had on the hot ..
