U.K. Seeks to Fine Marriott International Over Starwood Hack

Nuix's latest Black Report offers insights straight from the mouths of hackers and penetration testers (Image xijian / iStockPhoto)
Photo by xijian / iStockPhoto

The U.K. Information Commissioner’s Office (ICO) announced it intends to fine Marriott International over a security breach that exposed the personal information of guests in the Starwood reservations database since 2014. The intended fine amounts to just over £99.2 million (approximately $123.5 million). 

In a written statement, Marriott said that it has the right to respond before any final determination is made and a fine can be issued by the ICO, and that it will “respond and vigorously defend its position.”

“We are disappointed with this notice of intent from the ICO, which we will contest,” said Marriott President and CEO Arne Sorenson. “Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database.”

Free Luxury Travel Newsletter

Like this story? Subscribe to The Dossier

Luxury Travel Advisor’s only newsletter, covering unique destinations and product news for affluent travelers. Delivered every Tuesday & Thursday.

Marriott also said that the Starwood guest reservation database that was attacked is no longer used for business operations. 

Marriott first announced the hack on November 30, 2018. It affected the personal information of customers, including passport and credit card numbers, in its Starwood reservations database, which it had acquired during the Starwood – Marriott merger in 2016. The database included the Starwood brands W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Méridien Hotels & Resorts, Four Points by Sheraton and Design Hotels. Starwood branded timeshare properties (Sheraton Vacation Club, Westin Vacation Club, The Luxury Collection Residence Club, St. Regis Residence Club, and Vistana) were also included. 

In its most recent update, released earlier this year, Marriott estimated that approximately 383 million guest records, at most, were involved in the incident. The actual number of guests was lower, Marriott said, because in many cases there were multiple records for the same guest. The company also said that approximately 5.25 million unencrypted passport numbers were exposed, as well as approximately 20.3 million encrypted passport numbers. 

Following the incident, Marriott established a website with information for guests who believe they may have been involved in the incident, with phone numbers to reach the company’s dedicated call center. That website is available at https://info.starwoodhotels.com/

The article originally appeared on www.travelagentcentral.com.

Related Articles

British Airways Faces $229 Million Fine Over Data Breach

Signature Hires Three for Preferred Partnership Department

When Will the Boeing 737 MAX Return - and Would You Feel Safe Boarding One?

TCS World Travel and Travcoa Merge Operations

Suggested Articles:

Steppes Travel debuted a glamping holiday in Bolivia: Six yurt-like tents scattered nationwide, which can be positioned within eight national parks.

With nearly each day spent in a different country, cruising can be efficient if you want to sample a range of places in a short time. Read more.

The S.S. São Gabriel, one of four new Super Ships launching next year, will makes its debut in Portugal on April 9, 2020. Read more here.