The proposed £183m fine to be paid – subject to appeal – by British Airways for the massive data breach last year has been well reported by the national media, so I don’t want to spend more time on it here.
What may have passed you by, however, is that Marriott revealed yesterday that it is facing a proposed £99m fine for historic data breaches at Starwood Hotels & Resorts, which continued for a period after Marriott acquired the company in 2016. The breach began in 2014.
Marriott’s fine, whilst issued by the UK Information Commissioners Office, covers damages for the entire EU. 30 million sets of EU customer data were leaked, of which 7 million sets related to UK residents. The majority of HFP readers will be included. Data stolen includes credit card numbers, passport details and date of birth.
Marriott intends to appeal against the fine, even though it is substantially lower than the maximum allowed which is 4% of global turnover.
These fines are, of course, huge numbers. It is not a revenue raising exercise, however. It is making a point to the business community that the cost of spending what is needed to properly protect the data of your customers is not wasted money, as many corporates seem to view it, but a bargain compared to the cost of not doing so. If you are thinking of retraining for a new career, there will be a lot of cyber security consultancy roles being advertised in the next few months …..
(Want to earn more hotel points? Click here to see our complete list of promotions from the major hotel chains or use the ‘Hotel Promos’ link in the menu bar at the top of the page.)