UK to fine Marriott over Starwood hack

Facebok is reportedly facing a huge fine in the US over privacy violations (Image alfexe / iStockPhoto)
Marriott International faces a fine of approximately $123 million stemming from a years-long data breach. Photo credit: alfexe/iStockPhoto

The U.K. Information Commissioner’s Office intends to fine Marriott International over a security breach that exposed the personal information of guests in the Starwood Hotels & Resorts Worldwide reservations database starting in 2014 until the breach was discovered in November of 2018. The intended fine amounts to £99,200,396, or approximately $123 million. 

In a statement, Marriott, which acquired Starwood in 2016, said that it has the right to respond before any final determination is made and a fine can be issued by the ICO, and that it will “respond and vigorously defend its position.”

“We are disappointed with this notice of intent from the ICO, which we will contest,” Marriott President/CEO Arne Sorenson said in that statement. “Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database.”

Virtual Event

HOTEL OPTIMIZATION PART 2 | SEPTEMBER 10 & 24, 2020

Survival in these times is highly dependent on a hotel's ability to quickly adapt and pivot their business to meet the current needs of travelers and the surrounding community. Join us for Optimization Part 2 – a FREE virtual event – as we bring together top players in the industry to discuss alternative uses when occupancy is down, ways to boost F&B revenue, how to help your staff adjust to new challenges and more, in a series of panels focused on how you can regain profitability during this crisis.


Marriott also said that the Starwood guest reservation database that was attacked is no longer used for business operations. 

Last November, Marriott disclosed that it had been the victim of what is shaping up to be the biggest data breach of all time. The breach allowed hackers unauthorized access to the Starwood network starting in 2014. Marriott acquired Starwood in 2016 for $13.6 billion, creating the world’s largest hotel operator.

Earlier this year, Marriott International has revised downward the number of guests impacted, finding fewer guest records were involved in the incident than the 500 million initially estimated.

The megachain identified approximately 383 million records as the upper limit for the total number of guest records that were involved in the years-long cyber attack. However, this number may not represent unique guests. Marriott’s research also uncovered multiple records of the same guest in many incidents, concluding that information for far fewer than 383 million unique guests was involved in the breach.

Suggested Articles

Teams working remotely or apart can use group video and real-time collaboration for mobile and desktop.

Travel needs to evolve with current e-commerce trends by moving forward with a stronger focus on the guest journey.

While occupancy, rate and revenue all improved from July, they were still significantly down year over year.