(Reuters) — Britain’s information watchdog mentioned on Friday it has fined Marriott Worldwide £18.4 million ($23.98 million) in a six-year-old cyberattack on its Starwood resort reservation system in one of many largest information breaches in historical past.
The hack started in 2014, earlier than Marriott provided to purchase Starwood Inns, and affected 339 million visitor data.
The Data Commissioner’s Workplace (ICO) mentioned that Marriott did not put applicable measures in place to safe prospects’ private information from the assault, which was from an unknown supply and remained undetected till September 2018.
The regulator added that it traced the cyberattack again to 2014, however the penalty solely pertains to the breach from March 25, 2018, when new guidelines below the Basic Information Safety Regulation (GDPR) got here into impact.
The nice is way decrease than the £99.2 million penalty the info watchdog had proposed to levy on the resort operator final 12 months.
The corporate can also be going through a London class motion by hundreds of thousands of former company demanding compensation.
“Marriott doesn’t intend to attraction the choice, however makes no admission of legal responsibility in relation to the choice or the underlying allegations,” the resort chain mentioned.
The private information could have included names, e mail addresses, telephone numbers and unencrypted passport numbers amongst different issues, the ICO mentioned.