Millions Fined for British Airways And Marriott Data Breach

The Marriott fine of $124 million comes right after a record fine of $230 million that the ICO imposed on Monday following the British Airways data breach. The ICO's investigation found that the British Airways breach exposed the personal data of 500,000 customers. Attackers installed malicious code on the British Airways site that rerouted customers to a phishing site, which stole their personal details and payment card details.

The Marriott data breach persisted for 4 long years before being discovered, and it exposed approximately 339 million customer records globally. The exposed information included names, phone numbers, email addresses, encrypted payment card information and more.

U.K. Information Commissioner Elizabeth Denham said British Airways failed to put appropriate safeguards in place to protect customer data. "That's why the law is clear - when you are entrusted with personal data you must look after it. Those that don't will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights."

What Are the Losses?

  • $230 million imposed by the ICO on British Airways
  • $124 million imposed by the ICO on Marriott
  • When the Marriott breach was announced, the share price dropped by 8.7%
  • Affected members could also sue for compensation
  • Reputation loss and loss of customer trust (this would hit business indirectly)

How Can Your Organization Prevent This?

  • Implement GDPR compliance policies and procedures and have them audited by a trustworthy security entity
  • Scan your digital attack footprint, keep a complete log of your assets, and monitor and secure them
  • Constantly monitor all of your organization's data
  • Implement a good cyber security training and awareness program so that your employees are aware of security challenges and misuse
  • Perform frequent (periodic) vulnerability assessment and penetration testing of your organization’s digital assets
  • Breaches are unavoidable. A proper incident response program that ensures your customers’ sensitive data is not harmed and reduces business downtime is a win-win

© 2019 Created by CISO Platform.