Marriott Hotels breach – UK regulators involved

30 November 2018

The UK data protection regulator, the ICO, has confirmed that it has received notification from Marriott Hotels regarding the widely reported hack of the Starwood reservation system (said to involve 500M consumers). The ICO says only that it is ‘making enquiries’.

This is unfortunate for Marriott, but it could show how GDPR enforcement powers involving cross-border issues will work in practice, as well as (potentially) how penalties will be applied in large-scale data breach cases. Marriott’s last accounts (y/e December 2017) showed annual turnover of $1.1 billion; as a security breach falls into the “lower” category of penalty, which is €10M or 2% of worldwide turnover, Marriott’s potential penalty exposure to EU authorities is in the region of €200 million.

Eddie Powell Author