UK ICO fines hotel chain giant Marriott over data breachSecurity Affairs
The Office of the UK Information Commissioner has fined the U.S. Marriott Hotels Group for data leaks in 2018 that affect millions of guests worldwide.
The Office of the UK Information Commissioner has announced a fine of £18.4 million ($23.5 million) for numerous data breaches committed by the company since 2018 which have resulted in the disclosure of personal information about its customers.
ICO fined Marriott International Inc. £18.4 million for failing to protect the personal information of millions of customers. An ICO investigation has shown that Marriott has not taken adequate technical or organisational measures to protect personal data processed in its systems, as required by the General Data Protection Regulation (GDR).
In July 2019, the UK Data Protection Authority announced that the huge hotel chain Marriott International would be fined £99 million ($123 million) under the GDPR for data breaches in 2014.
According to the Office of the UK Information Commissioner, Marriott International did not comply with EU data protection rules in relation to GDPR.
The fine is lower than initially foreseen because, before imposing the final fine, the watchdog took into account Mariott’s efforts to mitigate the incident and the economic impact of Covid-19 on her activities.
In November 2018, the hotel chain announced that 500 million guests at its Starwood hotels might be affected by a security breach in 2014.
This is one of the largest data leaks in history, the largest for the hospitality industry.
Marriott International acquired Starwood Hotels and Resorts Worldwide in 2016 for $13 billion. The brand includes St. John’s. Regis, Sheraton Hotels & Resorts, W Hotels, Westin Hotels & Resorts, Aloft Hotels, Tribute Portfolio, Element Hotels, Le Méridien Hotels & Resorts, The Luxury Collection, Four Points by Sheraton and Design Hotels.
According to the company, hackers have been accessing Starwood’s guest reservation system since 2014 and are copying and encrypting the information.
The break-in was discovered on the 8th. This was discovered in September when the monitoring system uncovered evidence of an attempt to access Starwood’s booking database in the United States. Two months later, on the 19th. In November, the investigation confirmed an infringement of the archives, which contain information on customer bookings made on or before 10 November. September 2018 in or out of the Starwood facility.
Unknown hackers have access to the personal data of nearly 327 million guests. The compromised data includes names, postal addresses, telephone numbers, e-mail addresses, passport numbers, dates of birth, gender, arrival and departure dates and booking details.
An investigation by Starwood Data Breach showed that the stolen data contained financial data, payment card numbers and expiry dates, even though the cards were encrypted.
According to the Information Commissioner’s Office, 30 million EU citizens have been affected by the data breach, 7 million of them in the United Kingdom.
According to the British watchdog, Marriott did not carry out due diligence on the purchase of Starwood in 2016 and did not take the necessary steps to ensure the safety of its systems.
Personal data is valuable and companies need to take care of it. Millions of these people were affected by the failure of the Marriott; thousands turned to the hotline, and others may have had to take steps to protect their personal information because the company they trusted did not. The Commissioner for Information, Elizabeth Denham, said
If a company does not take care of its customers’ data, it is not only a possible punishment, but above all a punishment for the public whose data it has to protect.
Pierluigi Paganini
(Security issues – Hacking, Marriott)
Part
Related Tags:
ticketmaster ico fine,ba ico fine,marriott data breach,ico ba fine,united nations data breach,marriott fine,marriott data breach case study,marriott data breach 2020,h&m gdpr fine,ico british airways,ico, marriott
