Hot on the heels of British Airways, international hotel group Marriott is set to face the wrath of the UK's data privacy regulator. The country's Information Commissioner's Office (ICO) said it plans to fine the US-based chain £99 million ($123 million) under EU GDPR laws for a data breach that exposed personal details of over 339 million guests. Seven million of the affected users were UK residents, and 30 million related to residents of 31 countries in the European Economic Area (EEA). The incident concerns a 2014 data breach of hotel company Starwood, which was acquired by Marriott in 2016. The breach, however, wasn't detected until November 2018.
Read about the penalty imposed on Marriott hotel group by ICO under new GDPR laws on The Next Web.
A key point here is that corporate boards, CEOs, CFOs and the tech leadership of all large firms need to think through how they can mitigate the risks of fines like these. It is hard, but not impossible. We have found that in most cases risks can be mitigated for a relatively low cost, through configuration changes rather than expensive new software purchases.
It is also of critical importance that enterprises have their infrastructures, plans and policies checked by independent parties with experience in these matters.
For that, we would like to bring your attention to OODA LLC, a team made up of experienced professionals with extensive past performance in conducting independent assessments of security postures. Our team can review your approach to security, provide observations on gaps, and deliver an action plan for mitigating those gaps in the most efficient way possible.
For more on our approach see: OODA LLC Security Services.