Marriott International has been fined £18.4m by the Information Commissioner’s Office (ICO).
Following a data breach that leaked the names, contact information, and passport details of up to 339m guests worldwide.
The ICO said that the breach started as far back as 2014 but was not detected until 2018. According to the watchdog, the hotel chain did not make sufficient measures to protect customers.
Information Commissioner, Elizabeth Denham, said: “Millions of people’s data was affected by Marriott’s failure; thousands contacted a helpline and others may have had to take action to protect their personal data because the company they trusted it with had not. When a business fails to look after customers’ data, the impact is not just a possible fine, what matters most is the public whose data they had a duty to protect.”
The original fine for Marriott International proposed by the ICO was £99m, however, amid the pandemic and the chain’s efforts to mitigate the impact, the fine was reduced.
Chris Combemale, chief executive of the Data & Marketing Association, commented: “Given the dramatic fall in revenue that the travel and leisure sector has experienced during the coronavirus pandemic, these fines send a very powerful message to organisations that they must invest in keeping their customers’ data secure. Otherwise, they will face penalties that could prove far more costly to the business.”