London, Nov 2 : The UK’s Information Commissioner’s Office (ICO) has fined Marriott International 18.4 million pounds (nearly $23.8 million) over a 2014 customer data breach.
The penalty announced last Friday is significantly lower than the 99 million pounds fine originally proposed in July 2019.
The ICO said before setting a final penalty, it considered representations from Marriott, the steps Marriott took to mitigate the effects of the incident and the economic impact of Covid-19 on their business.
Marriott estimates that 339 million guest records worldwide were affected following a cyberattack in 2014 on Starwood Hotels and Resorts Worldwide Inc.
The attack, from an unknown source, remained undetected until September 2018, by which time the company had been acquired by Marriott.
The personal data involved differed between individuals but may have included names, email addresses, phone numbers, unencrypted passport numbers, arrival/departure information, guests’ VIP status and loyalty programme membership number.
Related stories
Subscribe
- Never miss a story with notifications
- Gain full access to our premium content
- Browse free from up to 5 devices at once
Latest stories