Tweet
Marriott estimates that 339 million guest records worldwide were affected following a cyber-attack in 2014 on Starwood Hotels and Resorts Worldwide Inc. The attack, from an unknown source, remained undetected until September 2018, by which time the company had been acquired by Marriott. The personal data involved differed between individuals but may have included names, email addresses, phone numbers, unencrypted passport numbers, arrival/departure information, guests’ VIP status and loyalty programme membership number.
The precise number of people affected is unclear as there may have been multiple records for an individual guest. Seven million guest records related to people in the UK. The ICO’s investigation found that there were failures by Marriott to put appropriate technical or organisational measures in place to protect the personal data being processed on its systems, as required by the General Data Protection Regulation (GDPR).
Source: ICO
- Hi & Welcome to the AAD Consumer Forum
We're a FREE consumer debt and legal forum offering help, support and debate in many areas of day-to-day life. You will need to Register a Free Account before you can join in with the discussion and contribute with your own posts. Remember to also check out the FAQ's so you can get to grips with how the forum works ready to start posting your new topics. Read about the new GDPR 2018 Rules and how it affects you as a member of AAD.