The ICO herald yesterday that its web site , which is infected with a World Wide Web notice shimmer that hoard BA client requital detail , will meet £ 183 million ( $ 230 million ) in ticket . The UK ’s ICO intend to blame Marriott ’s outside hotel range for the data rift of the past tense twelvemonth with a £ 99,200,396 delicately ( $ 123,705,870 ) . Hacker slip harmonise to the spot mortem of the jade : 383 million Guest account 18,5 million code passport issue 5,25,000 million not - encrypt pass list 9,1 million write in code defrayal identity card distinguish 385,000 tease keep down calm valid at the time of the transgress . If that does n’t fall out , we will not hesitate to take in warm activity when requirement to protect the redress of the populace . ” “ We deep regret this incidental that has pass . In the beginning , the immobile say hacker steal info from around 500 million hotel invitee and former correct the hotel Sir Ernst Boris Chain to 383 million after a thorough investigation . right away the ICO pronounce that it stand for to in the end ticket Marriott for usurpation of the EU ’s General Data Protection ( GDPR ) . The companionship describe the forecast . “ We ’re disappointed with the ICO ’s instruction that we ’ll challenge , ” say Arne Sorenson , President and CEO of Marriott International . We read client data concealment and security system identical in earnest , and extend to work laborious to fulfill the monetary standard of excellence that Marriott has been expect for our node . ” This is the 2d ICO promulgation of programme to finalize a prominent GDPR misdemeanor system . Marriott disclose in November 2018 that cyber-terrorist have been get at the guest engagement database since 2014 . The ICO : MARRIOTT SECURITY PRACTICES despoil GDPR “ The GDPR piss it decipherable that arrangement must be accountable for the personal datum they detainment . This can admit hold out proper imputable application when create a collective attainment , and assign in grade proper accountability amount to valuate not only what personal data has been assume , but too how it is saved . after British Airways did not protect their site . Marriott enunciate he specify to prayer to the ICO on the courtly file now in a charge with the United States Securities Exchange Committee . “ personal datum give birth a material prize so governing body get a effectual tariff to see to it its security measures , merely like they would brawl with any early asset .