(Reuters) – Marriott International Inc <MAR.O> said on Tuesday the UK Information Commissioner’s Office (ICO) had proposed to fine the hotel chain 99.2 million pounds due to a massive data breach in its Starwood hotels reservation system.
In November, Marriott disclosed it had discovered the Starwood reservation database had been hacked over a four-year period in one of the largest breaches in history, involving up to 383 million guests.
“We are disappointed with this notice of intent from the ICO, which we will contest,” Marriott Chief Executive Officer Arne Sorenson said in a statement.
Marriott’s fine is one of the largest from the British data protection watchdog, which on Monday proposed a record 183.4 million pound ($230 million) penalty for British Airways-owner IAG <ICAG.L> for the theft of data from 500,000 customers from its website last year.
As of March, at least five U.S. states were also investigating the Marriott breach, making it potentially even more expensive for the hotel group.
(Reporting by Uday Sampath in Bengaluru; Editing by Maju Samuel)