UK Fines Marriott and British Airways Over Data Breaches
UK is going after Marriott and British Airways with big fines for the data breaches that exposed private information for millions of customers. The fines were handed out by UK’s Information Commissioner’s Office (ICO) this week.
UK’s Information Commissioner’s Office (ICO) announced on Tuesday that it intends to fine hotel giant Marriott International £99 million (about $123 million) for a data breach that exposed the sensitive data of 339 million guests. If you have yet to do so, you can check if you were affected.
The news for Marriott comes at the same time as a lawsuit over hidden fees.
UK’s Information Commissioner’s Office said that Marriott had “failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems” in its investigation of the breach. The ICO’s intention to fine Marriott is based on “infringements of the General Data Protection Regulation.”
The incident occurred in 2014 when hotel company Starwood’s database was breached. Marriott bought Starwood in 2016 and inherited the breach that went undetected until November 2018. For around 367 million of those affected, the information taken includes some combination of their name, mailing address, phone number, email address, passport number, date of birth, gender, and other information from their Starwood account.
British Airways is facing a record fine of £183m (about $222 million)for last year’s breach of its security systems.
The ICO said the incident took place after users of British Airways’ website were diverted to a fraudulent site. Through this false site, details of about 500,000 customers were harvested by the attackers, the ICO said.
The incident happened back in June 2018. BA initially said information involved included names, email addresses, credit card information such as credit card numbers, expiry dates and the three-digit CVV code found on the back of credit cards.