Marriott smacked with $33.7m fine over infamous data breach

June 17, 2018 - Vancouver, BC, Canada: Marriott International is an American multinational diversified hospitality company that manages and franchises a broad portfolio of hotels and related lodging facilities

The United Kingdom’s data privacy watchdog has fined Marriott International £18.4 million (around $33.7 million) for a major data breach that may have affected as many as 339 million guests.

The Information Commissioner’s Office (ICO) said the data obtained by hackers could have included names, email addresses, phone numbers, unencrypted passport numbers, arrival or departure information, and guests’ VIP status and loyalty program membership numbers.

The ICO’s investigation found that there were failures by Marriott to put appropriate safeguards in place, as required by the General Data Protection Regulation (GDPR), but acknowledged that the company had improved.

The precise number of people affected is unclear, but Marriott estimates 339 million guest records worldwide were affected following the cyber-attack in 2014 on Starwood Hotels and Resorts Worldwide Inc.

The attack, from an unknown source, remained undetected until September 2018, by which time the company had been acquired by Marriott.

However, the ICO said there may have been multiple records for an individual guest. Seven million guest records related to people in the UK.

“Personal data is precious and businesses have to look after it,” ICO information commissioner Elizabeth Denham said in a statement.

“Millions of people’s data was affected by Marriott’s failure; thousands contacted a helpline and others may have had to take action to protect their personal data because the company they trusted it with had not.

“When a business fails to look after customers’ data, the impact is not just a possible fine. What matters most is the public whose data they had a duty to protect.”

The ICO acknowledged that Marriott acted promptly to contact customers and the ICO. It also acted quickly to mitigate the risk of damage suffered by customers, the ICO said, and has since instigated several measures to improve the security of its systems.

Marriott International said it does not intend to appeal the decision, but made no admission of liability in relation to the decision or the underlying allegations.

The company added that it “deeply regrets” the incident.

“Marriott remains committed to the privacy and security of its guests’ information and continues to make significant investments in security measures for its systems, as the ICO recognises,” the company said in a statement.

“The ICO also recognises the steps taken by Marriott following discovery of the incident to promptly inform and protect the interests of its guests. Marriott wants to reassure guests that the incident and the ICO’s decision involved only Starwood’s separate network, which is no longer in use.”


Featured image source: iStock/volkan.basar

Latest News

  • Cruise

Viking takes delivery of its newest ship, the Viking Vela

Viking has announced it has taken delivery of its newest ocean ship, the Viking Vela, when it was presented at Fincantieri’s shipyard in Ancona, Italy. Classified as a small ship, as are all Viking ocean ships, the Viking Vela has 499 staterooms that hosts 998 guests. The ship joins the company’s growing fleet of award-winning ocean vessels and […]

  • Cruise

Celebrity Cruises sets sail from Canaveral for the first time

Celebrity Cruises has brought its premium holiday experiences to Port Canaveral, Florida, offering even more ways to escape to the Caribbean. Guests can now enjoy Caribbean escapes on Celebrity Equinox with seven-night sailings to tropical destinations including The Bahamas, St. Maarten, Puerto Rico, Belize, and more. With the addition of Port Canaveral, Celebrity Cruises now offers […]

  • Tourism

ATIA secures skilled migration win with inclusion of consultants, agency managers and tour guides

The Australian Travel Industry Association (ATIA) has secured a significant win, with the inclusion of travel consultants, travel agency managers and tour guides as eligible occupations for skilled migration on the Federal Government’s Core Skills Occupation List (CSOL). These inclusions mark a significant milestone for Australia’s travel industry. Until now, travel consultants and tour guides […]

  • Events
  • Hotels

An event producer’s take on Alma Resort – the ultimate MICE destination

The state-of-the-art Alma Resort has been rapidly gaining recognition for its world-class facilities and is now turning its focus to attract the Australian market, a key player in the global MICE (Meetings, Incentives, Conferences, and Exhibitions) sector. Rebecca Perrier reports. Nestled along Vietnam’s picturesque southern coastline, the vibrant Alma Resort in Cam Ranh stands as […]

  • Travel Agents

TravelManagers’ Danielle Goncalves on falling in love with Bali in 5 days

TravelManagers’ Danielle Goncalves can confirm that five days is more than enough time to fall in love with Bali. Goncalves was one of seven personal travel managers (PTMs) to visit the iconic destination with Hoot Holidays on their annual ‘Hoot Legends’ famil. As a longtime supporter of Hoot Holidays (a sister company to TravelManagers Australia), […]

  • News
  • Sustainability

The DARWIN200 conservation mission sails into Hobart

The DARWIN200 conservation mission aboard the Dutch tall ship Oosterschelde sailed into Hobart ahead of a programme of conservation projects. The Oosterschelde set sail from Plymouth Harbour, UK, in August 2023 on an epic two-year planetary conservation mission retracing Charles Darwin’s voyage of the Beagle and training 200 young environmentalists along the way. The aim was to inspire […]