On October 30, 2020, the United Kingdom Information Commissioner’s Office (ICO) reduced a £99.2 million fine to £18.4 million (~$24.6 million) against Marriott International, Inc. for alleged General Data Protection Regulation (GDPR) violations regarding a four-year data breach that impacted Marriot-owned Starwood Hotels’ guest reservation database system from 2014 through 2018.
The breach affected nearly 339 million individuals, and resulted in the release of information including “names, email addresses, phone numbers, passport numbers, arrival and departure information, VIP status and loyalty program numbers.”