The UK's data privacy regulator has said it plans to fine the US hotel group Marriott International £99.2m.
The penalty relates to a data breach that resulted in about 339 million guests' having had their personal details exposed.
The incident is thought to date back to 2014 but was only discovered in 2018.
It comes a day after the Information Commissioner's Office said it planned to fine British Airways £183m over a separate breach.
The size of both penalties reflect the fact that the watchdog has greater powers as a result of the EU's General Data Protection Regulation (GDPR), which came into force last year.
More to follow