The U.K. Information Commissioners Office (ICO) intends to levy a £99,200,396, or $124 million, fine against Marriott International in response to the data breach suffered by that company’s Starwood reservation data base in November 2018.
Marriott announced the ICO ‘s intention to provide a fine, but said in a statement that the company would use its legal right to retaliate and “vigorously defend itself” before any final decision is made and the fine actually issued by the ICO.
‘We ‘re disappointed with this notice of intent from ICO, which we will challenge. Marriott has been cooperating with ICO for a long time that involved illegal in sticking to Starwood ‘s visitor booking database, “said Arne C., CEO of Marriott International.
Marriott disclosed the theft of data on November 30, 2018 and said the malware spent more than four years inside the Marriott Starwood system accessing 500 million guest records that included names, payment card information and other PIIs. Marriott said in a statement that the malware was already living in Starwood ‘s booking system then when the hotel chain acquired it in 2016.
The database in question is no longer in use.
Marriott ‘s losses come just a day after the ICO hit British Airways with record losses of £183 for last year ‘s data leak, which compromised the personal data of 500 million airline customers.
These losses serve as a reminder to any company suffering from a weak attitude towards security. Processing and storing customer data must be number one. This will well be the first major fines issued by ICO, “said Tony P., CEO of Egress Software.