ICO targets Marriott with cyber compromise fine amounting to 0.5% of 2017 revenue

The UK’s Information Commissioner’s Office (ICO) intends to impose a hefty fine of nearly GBP 100 million (US$ 124 million) on international hotel chain Marriott for last year’s data breach. The penalty, which is sanctioned under the EU’s General Data Protection Regulation (GDPR), is the second significant fine handed down by the ICO in virtually as many days, as BA continues to digest news that the watchdog plans to fine it a record US$ 230 million for a compromise last year.

Last November, Marriott disclosed that hackers had been accessing the Starwood guest reservation database since 2014. Personal information of hundreds of millions of guests was compromised; Marriott has said the guest reservation system was retired earlier this year.

GDPR raises to 4% of turnover the maximum penalty that can be imposed on organisations that fail to comply with data protection regulations and experience a compromise. The Marriott sanction amounts to 0.5% of the company’s worldwide turnover in 2017. BA’s fine amounted to 1.5% of the company’s turnover in the same year.

