U.K. Seeks to Fine Marriott International Over Starwood Hack

Nuix's latest Black Report offers insights straight from the mouths of hackers and penetration testers (Image xijian / iStockPhoto)
Photo by xijian / iStockPhoto

The U.K. Information Commissioner’s Office (ICO) announced it intends to fine Marriott International over a security breach that exposed the personal information of guests in the Starwood reservations database since 2014. The intended fine amounts to just over £99.2 million (approximately $123.5 million). 

In a written statement, Marriott said that it has the right to respond before any final determination is made and a fine can be issued by the ICO, and that it will “respond and vigorously defend its position.”

“We are disappointed with this notice of intent from the ICO, which we will contest,” said Marriott President and CEO Arne Sorenson. “Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database.”

FREE Virtual Event

Pivoting Back to Travel: Phase 4

Are you prepared to guide your clients through the “new normal” of travel? Join us December 15, 2020 from 1pm-2:20pm EST for Pivoting Back to Travel: Phase 4. The upcoming installment of our FREE virtual series will feature presentations from the Cayman Islands, Dominican Republic, and Seabourn on their most up-to-date travel procedures, health & safety protocols they’ve implemented to keep guests safe, activities that are open to visitors, what your clients need to know while on their trip and more! Visit www.pivotingbacktotravel to view the full agenda and register for your FREE pass.

Marriott also said that the Starwood guest reservation database that was attacked is no longer used for business operations. 

Marriott first announced the hack on November 30, 2018. It affected the personal information of customers, including passport and credit card numbers, in its Starwood reservations database, which it had acquired during the Starwood – Marriott merger in 2016. The database included the Starwood brands W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties (Sheraton Vacation Club, Westin Vacation Club, The Luxury Collection Residence Club, St. Regis Residence Club, and Vistana) were also included. 

In its most recent update, released earlier this year, Marriott estimated that approximately 383 million guest records, at most, were involved in the incident. The actual number of guests was lower, Marriott said, because in many cases there were multiple records for the same guest. The company also said that approximately 5.25 million unencrypted passport numbers were exposed, as well as approximately 20.3 million encrypted passport numbers. 

Following the incident, Marriott established a website with information for guests who believe they may have been involved in the incident, with phone numbers to reach the company’s dedicated call center. That website is available at https://info.starwoodhotels.com/

The article originally appeared on www.travelagentcentral.com.

Related Articles

British Airways Faces $229 Million Fine Over Data Breach

Signature Hires Three for Preferred Partnership Department

When Will the Boeing 737 MAX Return - and Would You Feel Safe Boarding One?

TCS World Travel and Travcoa Merge Operations

Suggested Articles:

Rosewood Washington, D.C. recently unveiled six new townhouses as the final component of the property’s recent renovation. See more here.

Royal Caribbean Group's brands—Royal Caribbean, Celebrity Cruises, Silversea and Azamara—have paused operations through at least February 28, 2021.

Bulgari's 11th hotel will be located in Miami Beach, making it the brand's first-ever property in the United States. It's slated to open in 2024.