Marriott International, Inc

€00final

Date Issued

2019-07-09

Regulation

GDPR

Authority

Information Commissioner (ICO)

Country

United Kingdom

Violation Type

Failure to implement sufficient measures to ensure information security

Currency

EUR

Violation Summary

While the trial hasn’t ended yet, the ICO intends to fine the company. This is in accordance with Art. 32 of the GDPR, which the company allegedly infringed in a cyber-incident in November 2018. The incident involved the public exposal of personal records belonging to over 339 million people, out of which 31 million were residents of the European Economic Area. This vulnerability is believed to have been present in the Starwood hotels group, which Marriott International acquired. Due to the inappropriate and insufficient attention paid to the security of the systems, the ICO believes a fine is in order.<strong>Notice:</strong> Marriott is facing a fine of €110,390,200, but this is not yet final. As such, it’s not included in our statistics dashboard.

Articles Violated

Art. 32 GDPR

View Source Document →

Other Fines for Marriott International, Inc

Date	Regulation	Amount (USD)	Type
2020-10-30	GDPR	$22,086,000	Failure to implement sufficient measures to ensure information security