Marriott Faces $123 Million GDPR Fine for 2018 Data Breach
In addition to considering an unprecedented $228 million fine for British Airways over the data breach the company experienced in the summer of 2018, the UK Information Commissioner’s Office (ICO) plans to fine Marriott International Inc £99,200,396 ($123,705,869) for failing to protect customer data as required under the EU’s General Data Protection Regulation. Various security shortcomings resulted in a massive data breach that Marriott announced late last year.
The breach actually occurred in 2014 and impacted the guest reservation database used by the Starwood hotels group, which Marriott would later acquire. However, the ICO states that “Marriott failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.” It is rather telling that the breach wasn’t discovered until 2018.