Marriott data breach attracts $23.9 million penalty from ICO


The Information Commissioner's Office (ICO) has imposed a penalty of $23.9 million on Marriott Hotel for failing to secure its customer information since 2014. The ICO also said in a statement that the penalty was reduced in light of the pandemic, as the hospitality sector has suffered heavily from the global shutdown and the ban on air travel.


For those unaware of what happened in the Marriott Hotel data breach, here is the gist. In 2018, the hotel chain discovered that its reservation database was exposed to hackers due to a flaw and that the server had been accessible to outsiders since 2014.


The ICO said that the attack impacted over 7 million British guests and thousands in the USA and other countries.


FYI, the latest penalty imposed by the Information Commissioner's Office (ICO) happens to be its second this month. The regulator penalized British Airways earlier this month, fining the airline 20 million pounds for failing to protect its customer information from cyber attacks. Initially, the fine was announced as 183.4 million pounds.


But the regulators slashed the penalty due to the pandemic.


Note 1- Hackers somehow infiltrated the database of Starwood Hotels & Resorts in 2014 and the incident was discovered in 2018, by which time the company had been acquired by Marriott.


Note 2- With the latest GDPR rules that took effect in May 2018, more such penalties are expected to be imposed on companies that fail to protect their user data in and around the UK.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security.
