Marriott threatened with 110 million euro fine
The British data protection authority, the Information Commissioner’s Office (ICO), has announced that it intends to fine the hotel group Marriott International (according to Wikipedia, the world’s largest hotel chain) 110 million euros for violations of the EU GDPR.
The proposed fine relates to a cyber incident reported to the ICO by Marriott in November 2018.
Reason: Infringement of Art. 32 GDPR “Security of processing”.
Between 2014 and 2018, hackers were able to penetrate systems of the Starwood hotel chain and copy personal information of guests, including passport and credit card numbers. Starwood was acquired by Marriott in 2014. The extensive investigation of the incident showed that Marriott did not exercise due diligence in the takeover and did not do enough to better secure its systems. According to Spiegel, the data captured from the chain included 5.25 million unencrypted ID numbers and 385,000 payment card numbers that were still valid. Of the captured customer profiles, around 30 million relate to the European Economic Area (EEA).
The hotel chain will now have the opportunity to make a statement to the ICO regarding the findings and sanctions.
British Airways also faces heavy fines – read here.
Note: This is a machine translation. It is neither 100% complete nor 100% correct. We can therefore not guarantee the result.