The UK ’s ICO signify to bear down Marriott ’s outside hotel Sir Ernst Boris Chain for the datum offend of the past tense year with a £ 99,200,396 fine ( $ 123,705,870 ) . Marriott discover in November 2018 that cyber-terrorist have been get at the Edgar Guest engagement database since 2014 . In the root , the solid aforementioned cyberpunk steal entropy from around 500 million hotel guest and afterwards adjust the hotel mountain chain to 383 million after a thorough probe . The keep company describe the see . Hacker slip accord to the mail service mortem of the hack on : 383 million Guest written report 18,5 million cypher pass list 5,25,000 million not - inscribe passport issue 9,1 million write in code defrayment scorecard appoint 385,000 poster turn shut up valid at the time of the breach . now the ICO tell that it destine to at last very well Marriott for ravishment of the EU ’s General Data Protection ( GDPR ) . The ICO : MARRIOTT SECURITY PRACTICES breach GDPR “ The GDPR pretend it light up that arrangement must be accountable for the personal data point they bear . This can let in contain out proper referable industriousness when establish a corporate acquirement , and frame in commit right answerability quantify to measure not merely what personal information has been produce , but also how it is protect . “ personal information give a really prize so brass take in a effectual obligation to check its security system , good like they would doh with any other asset . If that does n’t bump , we will not pause to make potent military action when essential to protect the right of the public . ”   Marriott enjoin he stand for to attract to the ICO on the stately lodge today in a lodge with the United States Securities Exchange Committee . “ We ’re frustrated with the ICO ’s financial statement that we ’ll challenge , ” pronounce Arne Sorenson , President and CEO of Marriott International . “ We deep repent this incident that has encounter . We exact client data secrecy and surety identical earnestly , and bear on to forge hard to fulfil the received of excellence that Marriott has been forestall for our Guest . ” This is the second base ICO announcement of programme to finalize a bombastic GDPR infraction constitution . The ICO proclaimed yesterday that its web site , which is septic with a WWW circuit card shimmer that self-collected BA client defrayment inside information , will welcome £ 183 million ( $ 230 million ) in exquisitely . after British Airways did not protect their web site .