
Marriott data breach fine slashed to £18.4 million by UK regulator

Graham CLULEY

October 30, 2020

  • ICO initially fined Marriott International £99.2 million
  • Fine massively reduced in part due to COVID-19’s impact on hotel industry

Marriott International has been fined £18.4 million (US $23.8 million) for its failure to adequately protect the personal records of 339 million guests.

The fine, imposed by the UK data regulator, the Information Commissioner’s Office (ICO), is a massive 81% less than the £99.2 million fine originally imposed upon the hotel group last year.

It is now two years since Marriott warned the public that hackers had managed to gain unauthorised access to the Starwood guest reservation database since 2014, exposing guests’ names, mailing addresses, phone numbers, email addresses, Starwood Preferred Guest (“SPG”) account information, dates of birth, genders, arrival and departure information, reservation dates, and communication preferences. In addition, millions of encrypted payment card numbers and passport numbers were also breached.

The hackers continued to exfiltrate sensitive data from the system after Marriott acquired Starwood in 2016, continuing to steal personal data unnoticed by Marriott until 2018.

At the time, the breach was described as the second-biggest data breach in history.

The ICO determined that Marriott “failed to undertake sufficient due diligence” when it bought Starwood and should have done more to secure its systems from cybercriminals, but has now dramatically reduced the fine it is imposing on the international company.

Why the massive reduction from £99.2 million to £18.4 million? According to the ICO, it has now taken into account steps Marriott has taken to mitigate the effects of the incident and the economic impact COVID-19 has had on the hotel business.

A similar decision was made two weeks ago by the ICO in relation to British Airways, which has had its 2018 data breach fine reduced from £183 million to £20 million, despite a catalogue of errors.

The UK’s Information Commissioner, Elizabeth Denham, said:

“Personal data is precious and businesses have to look after it. Millions of people’s data was affected by Marriott’s failure; thousands contacted a helpline and others may have had to take action to protect their personal data because the company they trusted it with had not.”

I certainly can’t disagree with that.

And although I’m sympathetic with those who hold the view that Marriott has dodged something of a financial bullet – due to the coincidence that it was being investigated for a massive data breach while the hotel industry was struggling from a global pandemic – I do hope that even this reduced fine will help wake up other companies to the need to always treat data security as a priority.

Maybe other companies also need to more carefully consider the importance of security audits when they merge, and not take for granted that it is already secured against hackers.
