The international hotel group Marriott is to be fined almost £100m by the Information Commissioner’s Office after hackers stole the records of 339 million guests.
In November, Marriott International, the parent company of hotel chains including W, Westin, Le Méridien and Sheraton, admitted that personal data including credit card details, passport numbers and dates of birth had been stolen in a colossal global hack of guest records.
It is the second time in two days the ICO has flexed its muscle to impose huge fines using extensive powers relating to breaches under the General Data Protection Regulation (GDPR). On Monday, British Airways received a £183m fine after a hack involving personal data of half a million of the airline’s customers, the ICO’s first GDPR fine.
The ICO, which is proposing a £99.2m fine for Marriott, said that about 30 million of the hacked guest records related to residents of 31 countries in the European Economic Area. Seven million related to UK residents.
Marriott said it would appeal against…