Marriott Hotels Data Breach
In November 2018, Marriott International (the Parent Company of Marriott Hotels) admitted that they have suffered a major data breach of customers personal data including credit card details, passport details and dates of birth. The data breach itself dates back as far as 2014. Of the 30 million customer records that were stolen over this time, several million related to UK residents. The Marriott data breach occurred following a hack by cyber criminals. The Information Commissioners Office (ICO) stated that Marriott Hotels should have made sure their IT systems were more secure.
The Information Commissioner said: “the GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but how it is protected”