We may be in 2019, but that doesn’t mean that the world’s biggest brands have prepared themselves for the massive threats to cybersecurity. One of the biggest data breaches last year was the attack on Marriott International. Since then, the company has had to recover from the damage to its reputation as well as the losses the incident incurred. Now, it is set to face fines for the damage the breach has caused.
The UK’s Information Commissioner’s Office (ICO) has stated that it intends to fine US-based Marriott International up to £99,200,396 ($123 million) for violating the data breach regulations under the EU’s General Data Protection Regulation (GDPR). Marriott International’s data breach compromised the personal details of over 339 million guests.
The data that got leaked included names, addresses, contact information, and passport numbers. However, Marriott International believes that around 100 million customers had their credit card numbers and expiration dates leaked as well. Of the 339 million guests, ICO states that 30 million were residents from 31 countries in the European Economic Area (EEA) and seven million were UK residents.
ICO’s Elizabeth Denham says that “the GDPR makes it clear that organizations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.”
She adds that personal data has real value, and that means organizations are obligated to protect the information that their customers trust them with.
Aside from Marriott International, ICO is also cracking down on British Airways, which is currently facing a fine of more than £183 million due to a customer data breach said to have begun way back in June 2018. The breach was only discovered and disclosed by the airline in September that year.
According to ICO’s own investigation, the information that got leaked included names, addresses, log-in details, bank card information, and travel booking details. ICO noted that the data breach was the result of “poor security arrangements.” The hackers organized the attack by diverting passengers to a fake website in which their information was gathered upon input.
While Marriott International’s data breach is easily the bigger issue, it’s British Airways that is going to receive the biggest fine ICO has placed for now. That is because most of the customer information leaked from British Airways belonged to EU residents, whereas only a portion of the victims of Marriott International’s breach resided in the area.
It is no longer a question of which leak is bigger. Even though breaches are common, multinational brands, as well as the consumers themselves, have a lot to learn when it comes to security online. Here are some of the biggest takeaways from the recent issues.
Marriott International’s data breach was discovered only last year. However, reports suggest that the vulnerabilities began when the database of Starwood Hotels Group was compromised way back in 2014. Marriott International acquired the company in 2016, but it failed to see the security issues immediately.
With regard to British Airways’ data breach, we can assume that people are still not as vigilant as they should be when putting in their details online. However, we can’t place all the blame on the customers, as the cybercriminals themselves have become better and more advanced when it comes to hacking methods. Customers are advised to inspect every corner of a page before entering their information.
The biggest takeaway is that everyone and every brand is susceptible to attacks online. The key to avoiding becoming the victim of a data breach is being more vigilant and careful online. For companies, it might be time for them to see more value in protecting their customers’ private information.
An infographic posted on Hosting Tribunal details “15 of the Biggest Data Breaches in The Last 15 Years.” The infographic also has startling facts about several major breaches.