You might also like:
The U.K. Information Commissioner’s Office (ICO) proposes to fine Marriott International 99.2 million British pounds ($123.5 million) for the massive data breach reported last November.
On Monday, the ICO proposed to fine British Airways 183.4 million British pounds ($229 million) for its data breach last year.
“Personal data has a real value, so organizations have a legal duty to ensure its security, just like they would do with any other asset,” said U.K. information commissioner Elizabeth Denham in a press release. “If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”
Marriott has a right to respond before the ICO issues its fine. In a statement, the company said it “intends to respond and vigorously defend its position.”
Marriott International president and CEO Arne Sorenson said, “We are disappointed with this notice of intent from the ICO, which we will contest. Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database.”
Marriott had said the breach of Starwood’s reservation system had allowed unauthorized access since 2014, before Marriott acquired Starwood in September 2016. The breach was found to have exposed as many as 383 million records, including combinations of names, mailing addresses, phone numbers, email addresses, passport numbers and payment card numbers, among other personal information.