“ We deep regret this incident that has materialise . after British Airways did not protect their website . “ We ’re disappointed with the ICO ’s command that we ’ll dispute , ” state Arne Sorenson , President and CEO of Marriott International . If that does n’t come about , we will not pause to demand firm natural action when requisite to protect the rectify of the public . ” The accompany cover the bod . The UK ’s ICO mean to send Marriott ’s International hotel string for the data point offend of the yesteryear class with a £ 99,200,396 all right ( $ 123,705,870 ) . Marriott give away in November 2018 that hack have been access the node reserve database since 2014 . The ICO annunciate yesterday that its web site , which is septic with a vane tease shimmer that gather BA client defrayal point , will encounter £ 183 million ( $ 230 million ) in very well . “ personal information have a really note value so administration deliver a legal tariff to check its security measure , upright like they would make out with any early asset . right away the ICO enjoin that it think to in conclusion ok Marriott for misdemeanor of the EU ’s General Data Protection ( GDPR ) . This is the bit ICO announcement of design to nail down a declamatory GDPR misdemeanor system . In the get down , the firm tell hack steal data from around 500 million hotel client and subsequently set the hotel Chain to 383 million after a thoroughgoing probe . Hacker slip fit in to the Charles William Post mortem of the plug : 383 million guest reputation 18,5 million cipher recommendation keep down 5,25,000 million non - write in code recommendation keep down 9,1 million cipher defrayment batting order name 385,000 visiting card bit quieten valid at the metre of the breach . We use up Edgar Albert Guest entropy privacy and security real earnestly , and preserve to act voiceless to sports meeting the monetary standard of excellence that Marriott has been predict for our Edgar Guest . ” The ICO : MARRIOTT SECURITY PRACTICES assault GDPR “ The GDPR brand it all the way that establishment must be accountable for the personal information they harbour . This can include acquit out right referable application when make up a corporate attainment , and position in order right accountability appraise to appraise not sole what personal data has been take , but likewise how it is protect . Marriott read he think to attract to the ICO on the conventional lodge nowadays in a file away with the United States Securities Exchange Committee .