Skip to main content

Marriott Hotels Faces Sh12.6 Billion Fine for Data Breach

N

Nyakundi Report

Newsroom 2 min read

This archive report was first published on 10 July 2019.

On November 30, 2018, Marriott International revealed a massive data breach that exposed the personal information of approximately 339 million customers. The breach, which occurred in 2014, was discovered after Marriott acquired Starwood Hotels & Resorts in 2016.

According to the Information Commissioner's Office (ICO), Marriott failed to properly secure the systems of Starwood, which included properties such as Trump Turnberry in Ayrshire, London's Park Lane Sheraton Grand, Westbury Mayfair, and Le Meridien Piccadilly.

Marriott International's president and chief executive, Arne Sorenson, expressed disappointment with the ICO's announcement and stated that the company would contest the fine. 'Marriott has been co-operating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database,' he said.

Information Commissioner Elizabeth Denham emphasized the importance of organizations being accountable for the personal data they hold, stating, 'The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.'

The fine of Sh12.6 billion is a significant penalty for Marriott, and the company will likely face further scrutiny in the coming months.

Be the first to react

Support

Support this reporting

M-Pesa support recorded against this story.

Send support →

Stay close

Get the briefing

Major updates by email. No spam.

Get email brief →

Share

Save share card

Download a clean portrait card for sharing.

Save image →