The owner of the Marriott hotel chain is expected to face a €99 million fine as a result of a data breach that has exposed thousands of customer data. The fine imposed by the UK's Information Commissioner's Office (ICO) comes after a breach of the personal data of approximately 339 million customer records worldwide following a cyber attack. By November 2018, Marriott had reported the breach to the OIC. Nearly 30 million of these customers were residents of 31 countries of the European Economic Area (EEA) and 7 million residents of the United Kingdom.
modified
The intrusion dates back to 2014, when the Starwood hotel group was the victim of an attack on its systems. Starwood was acquired by Marriott in 2016, but customer data continued to be disclosed until the breakthrough was discovered in 2018. The ICO stated that Marriott had fully cooperated in the investigation of the breach and had strengthened its security protections, but that their investigation had revealed that the company "failed to exercise due diligence." when buying Starwood and it should have done more to ensure its security." The systems. ""The GDPR makes it clear that organizations must be held accountable for the personal data they hold," said Information Commissioner Elizabeth Denham. "This may include exercising due diligence to acquire a business and implementing appropriate accountability measures to assess not only what personal data has been acquired, but also how it is protected." "Personal data has real value, so organizations have a legal obligation to ensure its security, just as they would any other asset. If this does not happen, we will not hesitate to take strong action if necessary to protect the rights of the user. public." < p class="bordeaux-image-check">
(Image credit: Shutterstock.com) (Image credit: Shutterstock.com) The news comes hours after British Airways was fined £138m as a result of a data breach that occurred earlier in this year and that it had compromised around half a million accounts. customers. "We knew the GDPR had teeth. Now we can see how bad it can be," said Ilias Chantzos, Symantec's senior director of government affairs for the EMEA region. "The fines of €183 million and today of €99 million have cemented the GDPR as very serious legislation that places an organization's cybersecurity challenges and budget in a whole new context. Don't get me wrong, the EU has developed a GDPR and a regulation like the NIS directive to improve the standard of critical cyber enforcement requirements to protect consumers, organizations and our critical infrastructure."