(Reuters) – Britain’s information watchdog mentioned on Friday it has fined Marriott Worldwide 18.4 million kilos ($23.98 million) in a six-year outdated cyber assault on its Starwood inns reservation system in one of many largest information breaches in historical past.
The hack started in 2014, earlier than Marriott provided to purchase Starwood Inns, and affected 339 million visitor information.
The Info Commissioner’s Workplace (ICO) mentioned that Marriott did not put acceptable measures in place to safe clients’ private information from the assault, which was from an unknown supply and remained undetected till September 2018.
The regulator added that it traced the cyber assault again to 2014, however the penalty solely pertains to the breach from March 25, 2018, when new guidelines below the Normal Information Safety Regulation (GDPR) got here into impact.
The high quality is way decrease than the 99.2 million kilos penalty the information watchdog had proposed to levy on the resort operator final yr.
The corporate can be going through a London class motion by thousands and thousands of former visitors demanding compensation.
“Marriott doesn’t intend to enchantment the choice, however makes no admission of legal responsibility in relation to the choice or the underlying allegations,” the resort chain mentioned.
The non-public information might have included names, electronic mail addresses, telephone numbers and unencrypted passport numbers amongst different issues, the ICO mentioned.
Reporting by Tanishaa Nadkar in Bengaluru; Enhancing by Shailesh Kuber