The Marriott fine of $124 million comes right after a record fine of $230 million imposed by the ICO on Monday following the British Airways data breach. The ICO's investigation found that the British Airways breach exposed personal data for 500,000 customers. It involved attackers installing malicious code on British Airways' site that rerouted customers to a phishing site, which stole their personal details and payment card details.
The Marriott data breach persisted for 4 long years before being discovered and exposed approximately 339 million customer records globally. The breach exposed information like names, phone numbers, email addresses, encrypted payment card information and more.
U.K. Information Commissioner Elizabeth Denham said British Airways failed to put appropriate safeguards in place to protect customer data. "That's why the law is clear - when you are entrusted with personal data you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."
What Are the Losses?
- $230 million imposed by the ICO on British Airways
- $124 million imposed by the ICO on Marriott
- When the Marriott breach was announced, the share price dropped by 8.7%
- Affected members could also sue for compensation
- Reputation loss and loss of customer trust (this would hit business indirectly)
How Can Your Organization Prevent This?
- Implement GDPR compliance policies and procedures and have them audited by a trustworthy security entity
- Scan your digital attack footprint, keep a complete log of your assets, and monitor and secure them
- Constantly monitor all of your organization's data
- Implement a good cyber security training and awareness program so that your employees are aware of security challenges and misuse
- Frequent (periodic) vulnerability assessment and penetration testing of your organization’s digital assets is necessary
- Breaches are unavoidable. A proper incident response program that ensures your customers’ sensitive data is not harmed and reduces business downtime is a win-win