Marriott Hotels has been fined £18.4 million by the UK's data privacy watchdog for a data breach that first started in 2014 and lasted until 2018.
This mega data breach saw the names, email addresses, phone numbers, passport numbers
arrival and departure information, VIP status plus loyalty programme numbers exposed to the hackers of around 339 million guests. That vast number of people affected includes seven million UK based guests.
The Information Commissioner's Office (ICO) said Marriott failed to put appropriate safeguards in place. "Millions of people's data was affected by Marriott's failure," commissioner Elizabeth Denham said. "Thousands contacted a helpline and others may have had to take action to protect their personal data because the company they trusted it with had not."
Despite fining the hotel firm, the ICO said Marriott had acted quickly once it found the breach and had improved systems since. "The ICO recognises the steps taken by Marriott following discovery of the incident to promptly inform and protect the interests of its guests,"
This fine does not take into consideration a data loss from Marriott in 2019, which affected guests based in other countries and territories.