The United Kingdom announced that Marriott will be fined up to $23.4 million over their inability to secure their customer’s data by their Information Commissioner’s Office. (ICO) This move stems from their 2018 discovery of a breach in their network.
Marriott, one of the world’s largest hotel chains, had over 500 Million accounts potentially compromised and potentially more before they were found and stopped. The hack was a result of an agent in the Starwood’s reservation system which had been breached prior to Marriott’s acquisition. The previous breach while small, hid a second agent that went undetected for four years. This led to them unknowingly infecting the systems Marriott runs
The fact that Marriott’s fine was so low can be contributed to the swift actions. Under Europe’s General Data Protection Regulation (GDPR) they could have been fined up to 4% of their net worth. “An important mitigating circumstance, which seems to have affected the extent of the fine, is the fact that Marriott moved quickly once it had spotted the breach and has beefed up its security since. Marriott remains committed to the privacy and security of its guests' information and continues to make significant investments in security measures for its systems. The ICO recognizes the steps taken by Marriott following discovery of the incident to promptly inform and protect the interests of its guests," said the firm.”[1]
While Marriott’s payments may be minimized, a breach is a serious manner. Review your cyber policies and procedures in the event of these attacks.
[1] https://www.itproportal.com/news/marriott-hotels-hit-with-one-of-the-largest-gdpr-fines-to-date/
