< Back to news headlines

Tuesday, July 9, 2019 - Marriott International hotel chain fined £99 million for exposing millions of customers’ details
Marriott International
Source -
Where - United Kingdom
Cost - 99,000,000 GBP
Business line - Hostelry, Hotels, Accomodation and Food

The Marriott International Hotel chain will be fined £99 million after a cyber security breach that left millions of customers' details exposed.

The cyber incident, which was reported to the Information Commissioner's Office in November 2018, affected 7 million UK residents and 44 million people in the European Economic Area.

The hotel giant revealed there had been "unauthorised access" to a network containing up to 500m of its guests' information - including passport details and credit card numbers.

The information included some combination of name, mailing address, phone number, email address, passport number, date of birth and other personal details.

Under GDPR, companies must be careful to protect consumer data or risk facing hefty fines.

Marriott's troubles are thought to have begun when the chain acquired Starwood Hotels in 2016.

Starwood had been compromised in 2014, but the breach wasn't discovered until after Marriott International bought the group.

The regulator's investigation decided that Marriott had not done its due diligence when it purchased Starwood Hotels and that it should have done more to secure the systems.

Marriott has co-operated with the ICO investigation and has made improvements to its security arrangements since these events came to light.