U.K. Seeks to Fine Marriott International Over Starwood Hack

The U.K. Information Commissioner’s Office (ICO) announced it intends to fine Marriott International over a security breach that exposed the personal information of guests in the Starwood reservations database since 2014. The intended fine amounts to just over £99.2 million (approximately $123.5 million). 

In a written statement, Marriott said that it has the right to respond before any final determination is made and a fine can be issued by the ICO, and that it will “respond and vigorously defend its position.”

“We are disappointed with this notice of intent from the ICO, which we will contest,” said Marriott President and CEO Arne Sorenson. “Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database.”

Marriott also said that the Starwood guest reservation database that was attacked is no longer used for business operations. 

Marriott first announced the hack on November 30, 2018. It affected the personal information of customers, including passport and credit card numbers, in its Starwood reservations database, which it had acquired during the Starwood – Marriott merger in 2016. The database included the Starwood brands W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood-branded timeshare properties (Sheraton Vacation Club, Westin Vacation Club, The Luxury Collection Residence Club, St. Regis Residence Club, and Vistana) were also included.

In its most recent update, released earlier this year, Marriott estimated that approximately 383 million guest records, at most, were involved in the incident. The actual number of guests was lower, Marriott said, because in many cases there were multiple records for the same guest. The company also said that approximately 5.25 million unencrypted passport numbers were exposed, as well as approximately 20.3 million encrypted passport numbers. 

Following the incident, Marriott established a website with information for guests who believe they may have been involved in the incident, with phone numbers to reach the company’s dedicated call center. That website is available at https://info.starwoodhotels.com/

The article originally appeared on www.travelagentcentral.com.
