ICO continues power trip with £99m GDPR fine for Marriott International
Fresh from throwing a record-breaking £183m fine in the direction of British Airways, the ICO on Tuesday announced that it's continuing its power trip and slapping Marriott International with a hefty fine of £99,200,396, to be precise.
The penalty relates to the mega-breach the hotel chain fessed up to in November last year. While, at the time, Marriott said the breach affected 500 million customers, the ICO's probing has revealed that a total of 339 million guest records globally were exposed, of which seven million related to British visitors.
According to a post mortem of the hack, hackers stole:
383 million guest records
18.5 million encrypted passport numbers
5.25 million unencrypted passport numbers
9.1 million encrypted payment card numbers
385,000 card numbers that were still valid at the time of the breach