Marriott fined £0.05 for each of the 339 million hotel guests whose data crooks were stealing for four years

Your name, address, phone number, email address, passport number, date of birth, and sex are worth just £0.05 in the eyes of the UK Information Commissioner's Office, which has fined Marriott £18.4m after 339 million people's data was stolen from the hotel chain.


The fine was imposed as a regulatory punishment for the 2018 Starwood Hotels megabreach despite Marriott not accepting liability for wrongdoing.


Although the attack was originally thought to have exposed half a billion records in the chain's guest reservation database, later investigations revised that figure downwards.


Within the exposed data were 5.25 million guests' passport numbers, stored without encryption, as well as 18.5 million encrypted passport numbers and 9.1 million encrypted credit card numbers.


Adding insult to public injury, the ICO cut Marriott's fine by four-fifths from its originally signalled value of £99m – and then dragged its heels repeatedly.


"When a business fails to look after customers' data, the impact is not just a possible fine, what matters most is the public whose data they had a duty to protect," said Information Commissioner Elizabeth Denham in a canned statement.


A Marriott spokeswoman told The Register: "Marriott deeply regrets the incident," adding that the US hotel chain "remains committed to the privacy and security of its guests' information and continues to make significant investments in security measures for its systems."


Watertight like a col ..