BreachExchange mailing list archives
Marriott to face $123 million fine by UK authorities over data breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 11 Jul 2019 08:55:22 -0500
https://techcrunch.com/2019/07/09/marriott-data-breach-uk-fine/

The U.K. data protection authority said it will serve hotel giant Marriott with a £99 million ($123 million) fine for a data breach that exposed up to 383 million guests.

Marriott revealed last year that its acquired Starwood properties had its central reservation database hacked, including five million unencrypted passport numbers and eight million credit card records. The breach dated back to 2014 but was not discovered until November 2018. Marriott later pulled the hacked reservation system from its operations.

The U.K.’s Information Commissioner’s Office (ICO) said its investigation found that Marriott “failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems.”

The breach affected about 30 million residents of the European Union, according to the ICO, which confirmed the proposed fine in a statement Tuesday.

But Marriott said it “has the right to respond” before a fine is imposed and “intends to respond and vigorously defend” its position.

“We are disappointed with this notice of intent from the ICO, which we will contest,” said Marriott’s chief executive Arne Sorenson, in a filing with the U.S. Securities and Exchange Commission. “Marriott has been cooperating with the ICO throughout its investigation into the incident, which involved a criminal attack against the Starwood guest reservation database.”

Under the new GDPR regime, the ICO has the right to fine up to 4% of a company’s annual turnover. Given Marriott made about $3.6 billion in revenue during 2018, the ICO’s fine represents about 3% of the company’s global revenue.

The ICO said Marriott will be given an opportunity to discuss the proposed findings and sanctions. “The ICO will consider carefully the representations made by the company and the other concerned data protection authorities before it takes its final decision,” said the U.K. data protection authority.

The proposed Marriott fine comes hot on the heels of a record fine of $230 million imposed by the ICO on Monday following the British Airways data breach. The airline confirmed about 500,000 customers had their credit cards skimmed over a three-week period between August and September 2018. Researchers said a credit card stealing group known as Magecart was to blame.