Marriott Fined $23.9 Million by Regulator Over Cyber-Attack (1)

Marriott International Inc. was fined 18.4 million pounds ($23.9 million) by the U.K. privacy regulator for failing to protect the data of millions of customers during a hacking attack on reservation databases.

The penalty by the Information Commissioner’s Office Friday is a fraction of the 99 million pound-fine the watchdog had planned to issue last year. Marriott estimates some 339 million guest records were exposed during a cyber-attack in 2014, that remained undetected until 2018. About seven million British guests were affected, the ICO said.

“Millions of people’s data was affected by Marriott’s failure; thousands contacted a helpline and others ...