Monday, August 5, 2019

Marriott Resorts & Hotels to Receive $123 Million Fine from UK Authorities - All Due to a Data Breach


You may not remember, but last year Marriott made an announcement regarding their Starwood properties. It seems that from sometime in 2014 to November 2018, 5 million passport numbers and 8 million credit card numbers were stolen. Estimates by authorities are that 30 million EU residents were affected by the breach. The situation was bad enough that Marriott made an executive decision to simply eliminate the entire reservation from their corporate databases and records.

Marriott did NOT own Starwood at the time of the breach, instead discovering it after the acquisition had taken place. However, the U.K.’s Information Commissioner’s Office (ICO) investigated the breach and discerned that Marriott “failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.”

Due to the ICO’s investigation and their finding that Marriott was at fault, the office is fining the company $123 million.

The law allows for a company to be fined up to 4 percent of that company’s annual revenue.  The $123 million is about three percent of Marriott’s annual revenues.

Obviously the folks in the European Union are taking breaches very seriously, more seriously, it seems, than their counterparts in the U.S. Here in the States it would have been a slap on the wrist and a small token fine. The weird part of this one is that Starwood was NOT owned by Marriott when the breach occurred. It seems that the security-conscious and public-conscious EU is taking a firm stand here. Perhaps this will head off other types of breaches by forcing cost-conscious companies to better protect their networks.
