THE Marriott International Hotel chain will be fined £99million after a cyber security breach that left millions of customers’ details exposed.
The cyber incident, which was reported to the Information Commissioner’s Office in November 2018, affected 7 million UK residents and 44 million people in the European Economic Area.
The hotel giant revealed there had been “unauthorised access” to a network containing up to 500m of its guests’ information – including passport details and credit card numbers.
The information included some combination of name, mailing address, phone number, email address, passport number, date of birth and other personal details.
Under GDPR, companies must be careful to protect consumer data or risk facing hefty fines.
Marriott’s troubles are thought to have begun when the chain acquired Starwood Hotels in 2016.
Starwood had been compromised in 2014, but the breach wasn’t discovered until after Marriott International bought the group.
The regulator’s investigation decided that Marriott had not done its due diligence when it purchased Starwood Hotels and that it should have done more to secure the systems.
Marriott has co-operated with the ICO investigation and has made improvements to its security arrangements since these events came to light.
How to keep yourself safe from hackers and scammers
HERE’s how to stay safe online.
Make a ‘strong’ password with 8 or more characters and a combination of upper case characters, numbers and symbols
Don’t do online banking on public WiFi, unless absolutely necessary
Don’t click on dodgy email links claiming to be from banks
Use different passwords for different sites
Never re-use your main email password
Use anti-virus software
Don’t accept Facebook friend requests or LinkedIn invitations from people you don’t know
Think before you put personal info on social media
Find My iPhone, Android Lost and BlackBerry Protect all allow you to remotely wipe a stolen phone. Set this feature up
Only shop online on secure sites
Don’t store your card details on websites
Password protect your phone and other devices
The company is now able to appeal the fine, and make representations to the ICO on the proposed findings and sanction.
If the ICO does decide to fine £99million it will be the largest fine to date under the new GDPR rulings.
The regulator said it “will consider carefully the representations made by the company and the other concerned data protection authorities before it takes its final decision”.
Any fines are paid into the Treasury’s Consolidated Fund and are not kept by ICO.
This is the government’s main bank account where things like taxes are paid into.
Unfortunately, the ICO’s ruling does not mean any redress for consumers whose details have been exposed.
But it is possible to try and get compensation for breaches.
You may have to show that the theft of your data has caused you “distress or inconvenience.”
The claims procedure can begin once Marriott has been held responsible for the breach by the ICO and the appeal process has ended.
The airline has 28 days to appeal today’s decision.
Information Commissioner Elizabeth Denham said: “GDPR makes it clear that organisations must be accountable for the personal data they hold.
“This can include carrying out proper due diligence when making a corporate acquisition.
“Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset.
“If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”