The Information Commissioner’s Office (ICO) intends to fine US hotel group, Marriot International, £99.2m following a data breach reported in 2018. Personal data from approximately 339 million guest records were compromised, 7 million of which related to UK residents. It is thought that the breach began in the systems of the Starwood hotels group in 2014, which Marriot then bought in 2016. The ICO found that Marriot had failed to carry out sufficient due diligence after the acquisition. Such infringement of the EU’s General Data Protection Regulation (GDPR) legislation can carry heavy penalties.
Customers’ who think they may have been affected should monitor their bank accounts and report any suspicious activity to their provider. Be wary of unsolicited phone calls and emails, even if they seem to be from a legitimate source, as stolen personal information can be used to make these attacks more convincing. Do not use email links to enter your login credentials as they may be phishing attempts. If you receive an email with an invoice attached for a service you haven’t used, do not open the attachment as it may contain malware.