Marriott International has been the target of a US senator, class action lawsuit and could potentially face a GDPR fine following the announcement that the data of approximately 500 million guests had been compromised.
US Senator Charles Schumer has called on the hotel firm to reimburse those affected to allow them to purchase new passports, and two US-based law firms are understood to have filed a class action lawsuit against the company.
And despite Marriott being US-based, as some guests will have been citizens of the European Union, the breach falls under EU GDPR legislation meaning the hotel group could face a fine of up to €20m (£17.8m) or 4% of its annual turnover. Marriott's turnover in 2017 was $22.9b (£20.4b).
On 8 September 2018, Marriott was alerted to an attempt to access the Starwood guest reservation database and has discovered there has been unauthorised access to the database since 2014. Marriott acquired Starwood in 2016.
For approximately 327 million guests, the information included some combination of name, address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.
See next week's Caterer magazine for Craig's viewpoint feature on the Marriott hack.