Saturday, January 25, 2025
HomeCyber Security NewsMarriott International Facing More than $120 Million Fine Under GDPR for 2018...

Marriott International Facing More than $120 Million Fine Under GDPR for 2018 Data Breach

Published on

SIEM as a Service

Follow Us on Google News

Marriott International fined over £99 million ($123 Millon) under the General Data Protection Regulation (GDPR) for failure to protect customer data.

Information Commissioner’s Office (ICO) issued a fine notice to Marriott for 2018 data breach, in which approximately 339 million guest records were exposed globally.

The fine imposed to Marriott for breaches of data protection law which applies to all companies that collect and process data belonging to the European Union (EU) citizens.

The cyber incident that was targeted to Marriott caused around 30 million related to residents records of 31 countries in the European Economic Area (EEA). Seven million records related to UK residents.

Marriott learned hackers exploit the vulnerability and gained unauthorized access to the Starwood network since 2014, they copied, encrypted information and taken steps to remove it. Marriott International acquired Starwood Hotels & Resorts in the mid-2016.

The investigation done by the Information Commissioner’s Office (ICO) found that  Marriott failed to undertake sufficient security measures when it bought Starwood.

According to Information Commissioner Elizabeth Denham said, “The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.”

Also, ICO warns “personal data is highly valuable and the companies ensure the security to their customers, if its failed, we will not hesitate to take strong action when necessary to protect the rights of the public.”

ICO has investigated this case with the lead supervisory authority on behalf of other EU Member State data protection authorities.

Marriott has completely cooperated with ICO and made adequate security changes soon after they learned this security incident.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

PayPal Fined $2 Million Fine For Violating Cybersecurity Regulations

The New York State Department of Financial Services (NYDFS) has imposed a $2 million...