The Information Commissioner’s Office has fined Marriott International Inc £18.4m over a 2014 hack which saw records of 339 million guests stolen by hackers. The fine is a significant reduction from the initial £99.2m fine proposed by the data watchdog last year.

The ICO’s investigation found that there were failures by Marriott to put appropriate technical or organisational measures in place to protect the personal data being processed on its systems, as required by the General Data Protection Regulation.

As part of the regulatory process, the ICO considered representations from Marriott, the steps Marriott took to mitigate the effects of the incident and the economic impact of COVID-19 on their business before setting a final penalty.

Information commissioner, Elizabeth Denham, said: ”Personal data is precious and businesses have to look after it. Millions of people’s data was affected by Marriott’s failure; thousands contacted a helpline and others may have had to take action to protect their personal data because the company they trusted it with had not.

“When a business fails to look after customers’ data, the impact is not just a possible fine, what matters most is the public whose data they had a duty to protect.”

Share Story: