DATA PROTECTION AUTHORITY FINES MARRIOTT HOTELS FOR DATA BREACH

RETURN TO MAIN BLOG


Turkey has imposed an administrative fine of TL 1.5 million on U.S.-based Marriott International due to a five-year security breach of the giant hotel chain.The hotel’s database has 1.2 million customer records from Turkey; however, the number of people affected by the security breach cannot be determined at the moment because of multiple entries for the same customer.

The Personal Data Protection Board (KVKK), which reviewed the statements submitted by Marriott International Inc. on Dec. 4, 2018 and March 28, 2019, decided to impose an administrative fine of TL 1.5 million on Marriott. In December 2018, cyberattackers seized data from nearly 500 million visitors staying at Marriott’s Starwood group hotels. The security breaches between 2014 and 2018 also included a combination of birth date, passport, email and credit card information of those staying in the said hotels. The Marriott Group notified the KVKK on the subject under the Personal Data Protection Act in force in Turkey. After reviewing these notifications, the board announced that among the 383 million customer records, there are approximately 1.24 million Marriott customers residing in Turkey. However, it was also noted that the number of Turkish customers affected by the breach could not be determined precisely due to inaccurately stored customer information.

DAILYSABAH