The UK’s Information Commissioner’s Office announced that it intends to fine hotel giant Marriott International $123 million for a data breach that exposed the sensitive data of 339 million guests.
The ICO said that Marriott had “failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems” in its investigation of the breach. The ICO’s intention to fine Marriott is based on “infringements of the General Data Protection Regulation.”
The incident occurred in 2014 when the hotel company Starwood’s database was breached. Marriott bought Starwood in 2016 and inherited the breach that went undetected until November 2018.