Marriotts data breach deserves 124M fine UK privacy watchdog says

first_img 30 Photos GDPR Privacy GDPR: Here’s what you need to know 1:30 Now playing: Watch this: Security Marriott falls foul of GDPR. Igor Golovniov/SOPA Images/LightRocket via Getty Images In November 2018, the Marriott hotel group revealed it had been the victim of a four-year campaign by hackers to steal customer data from its reservations system. Now it’s going to have to pay the price for failing to keep that data safe.The Information Commissioner’s Office, the UK’s privacy watchdog, announced Tuesday that it intends to fine Marriott £99.2 million ($124M) over the security breach. It’s issuing the fine in accordance with the General Data Protection Regulation, the far-reaching EU-wide privacy law introduced in May 2018.Hackers breached the security systems of Starwood Hotels in 2014. Marriott bought Starwood in 2016, but didn’t discover and then patch the breach until 2018. Personal data from 339 million guest records (30 million European citizens and 7 million UK citizens) was exposed in the incident.Marriott CEO Arne Sorenson said in a statement that he was “deeply disappointed” with the decision by the Information Commissioner’s Office and that he would contest it. “Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database,” he said. Share your voice 1 Tags Comment Last year the EU overhauled its pre-internet data protection laws to make them fit for the internet age. Under the GDPR, member states are able to fine companies 20 million euros ($22.4 million) or 4% of their total annual worldwide revenue in the preceding financial year if they fail to comply with the new rules. The Marriott fine is the second GDPR-related fine the ICO has announced this week. On Monday, the watchdog announced its intention to fine British Airways £183.4 million ($230M) over a 2018 data breach.”The GDPR makes it clear that organisations must be accountable for the personal data they hold,” said Information Commissioner Elizabeth Denham in a statement. “Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”Marriott acknowledged that challenges and the disruptions they pose.”We deeply regret this incident happened,” said Sorenson. “We take the privacy and security of guest information very seriously and continue to work hard to meet the standard of excellence that our guests expect from Marriott.” What Disney’s Star Wars land and hotel will look likelast_img

Leave a Reply

Your email address will not be published. Required fields are marked *