Marriott Faces Major GDPR Fine
The US hotel group Marriott is now dealing with a hefty $123 million fine following a significant data breach last year.
A statement regarding the General Data Protection Regulation (GDPR) emphasizes the importance of organizations being accountable for the personal data they hold. This includes conducting thorough due diligence during corporate acquisitions and implementing appropriate accountability measures to evaluate the acquired personal data and ensure its protection.
The statement further emphasizes that personal data has substantial value, and organizations are legally obligated to safeguard it as they would any other asset. Failure to do so may result in decisive action to safeguard public rights.
This fine comes shortly after British Airways received a $229 million penalty for a data breach that exposed personal information of approximately 500,000 customers.
Marriott’s data breach occurred in September 2018, with the incident reported in November of the same year. Initially, it was believed that personal information of 500 million customers was compromised; however, subsequent investigations revealed that approximately 383 million guest records, 9.1 million encrypted payment card numbers, and 18.5 million encrypted passport numbers were impacted. Additionally, 385,000 valid payment card numbers and 5.25 million unencrypted passport numbers were compromised.