Marriot Group to contest hefty data breach fine

Posted in categories

  • World

See also

Publish date 11 July 2019
Issue Number 4738
Diary Legalbrief Today
Marriott International is to contest a UK regulator's plans to issue it with a £99.2m fine for an alleged breach of data protection laws. The hotels business disclosed to the US Securities and Exchange Commission (SEC) on Tuesday that the ...

Marriott International is to contest a UK regulator's plans to issue it with a £99.2m fine for an alleged breach of data protection laws. The hotels business disclosed to the US Securities and Exchange Commission (SEC) on Tuesday that the Information Commissioner's Office (ICO) had issued it with a notice of intent to impose the fine following its investigation into a major data breach that came to light last year. It is the second time in two days that the ICO's plans to issue sizeable fines under the General Data Protection Regulation (GDPR) have come to light early in the process of enforcement, reports Out-Law.com. On Monday, the ICO confirmed that it intends to fine British Airways more than £183m under the GDPR after personal data concerning the airline's customers was compromised by hackers. Marriott announced last November that it had discovered there had been 'unauthorised access' to one of its databases since 2014 following a cyber incident. According to the ICO, approximately 339m guest records were 'exposed by the incident'. In a statement, it said Marriott had 'failed to undertake sufficient due diligence when it bought Starwood (reservation database) and should also have done more to secure its systems'. However, Marriott said it would contest the ICO's plans to issue it with a £99.2m fine. It said the breach 'involved a criminal attack against the Starwood guest reservation database'. Cyber risk expert Ian Birdsey, of Pinsent Masons, said: 'The message from the ICO is clear: cybersecurity and data privacy should form a central part of the due diligence businesses engage in when seeking to acquire other companies.'