UK watchdog proposes to fine Marriott $124 million over data breach

Marriott International Inc said on Tuesday the UK Information Commissioner's Office (ICO) had proposed to fine the hotel chain $124 million due to a massive data breach in its Starwood hotels reservation system.

In November, Marriott disclosed it had discovered the Starwood reservation database had been hacked over a four-year period in one of the largest breaches in history, involving up to 383 million guests.

"We are disappointed with this notice of intent from the ICO, which we will contest," Marriott Chief Executive Officer Arne Sorenson said in a statement.

Marriott's fine is one of the largest from the British data protection watchdog, which on Monday proposed a record 183.4 million pound ($230 million) penalty for British Airways-owner IAG for the theft of data from 500,000 customers from its website last year.

As of March, at least five US states were also investigating the Marriott breach, making it potentially even more expensive for the hotel group.

The hack began in 2014, a year before Marriott offered to buy Starwood to create the world's largest hotel operator. The $13.6 billion deal closed in September 2016.

Several million customer records containing information including passport details, birthdates, addresses, phone numbers and email addresses were exposed, according to the company.

The hackers also accessed payment card data for an undisclosed number of customers.