After one of the largest data breaches in history, affecting an estimated 500 million guests, Marriott International Chief Financial Officer Leeny Oberg said the attack is too recent to estimate how much it will cost the company, and that it’s hard to compare attacks between other companies and Marriott, according to a report by Bloomberg.
The company was made aware of the attack in September, after an alert from an internal security tool. The breach affected Starwood Hotels and Resorts, which Marriott bought in 2016 for $13.6 billion. Hackers went after credit card and passport numbers and loyalty account information.
Oberg, who was at an investor conference on Wednesday, stressed that it was a singular situation that shouldn’t be compared to other massive data breaches.
“Any situation that you’ve seen from other companies, they are all highly individual, and no one should make an assumption about, if it was this way for one company, it will be that way for another,” Oberg said at the Barclays Gaming and Lodging Conference in her first public comments since the hack. “You do expect there will be material costs associated with this.”
There are definite consequences for the company. Marriott could see $200 million in costs between fines and court-related expenses. It would also cost $1 per customer to notify everyone affected and to also provide free data monitoring services, according to a note from Morgan Stanley.
Bloomberg Intelligence Analysts Tamlin Bason and Holly Froum estimated the total costs at around $1 billion, and that includes a possible fine of around $450 million, which is roughly 2 percent of the company’s 2017 revenue.
In addition to the monetary consequences, Marriott now has to deal with multiple investigations, from the state attorneys general to European regulators and even the Senate Commerce Committee, which set a date of Dec. 17 for the company to provide a detailed timeline of events and also an explanation of its own investigation into the matter.