Marriott International acknowledges the decision issued by the UK Information Commissioner’s Office (the “ICO”), which brings an end to the UK and EU regulatory investigation of the Starwood reservations database incident reported by Marriott in November 2018.
The decision includes a fine of £18.4 million. Marriott does not intend to appeal the decision, but makes no admission of liability in relation to the decision or the underlying allegations. As the ICO acknowledges, Marriott cooperated fully throughout the investigation.
Marriott deeply regrets the incident. Marriott remains committed to the privacy and security of its guests’ information and continues to make significant investments in security measures for its systems, as the ICO recognizes. The ICO also recognizes the steps taken by Marriott following discovery of the incident to promptly inform and protect the interests of its guests.
Marriott wants to reassure guests that the incident and the ICO’s decision involved only Starwood’s separate network, which is no longer in use.