The massive hacking of Marriott International reservation databases could lead to a £99m fine as the UK cracked down on privacy breaches with its second major penalty notice in two days.
The cyber-attack, which Marriott disclosed in 2018, exposed information on 339 million guest records, including seven million related to British residents, the UK Information Commissioner’s Office (ICO) said in a statement on Tuesday. It’s the second time in two days the regulator has taken advantage of far-reaching EU powers after proposing a £183.4m penalty against British Airways.
The EU’s General Data Protection Regulation (GDPR), which took effect on May 25, 2018, requires companies to take technical precautions such as encryption to ensure customer data is protected. It also states that firms must notify authorities about breaches within 72 hours after learning about them. Violations may lead to fines of as much as 4% of a company’s annual sales.
“Taken together, and especially given the basis of this Marriott fine, this should be a worrying development for any company subject to ICO’s jurisdiction on GDPR,” said Tamlin Bason, an analyst at Bloomberg Intelligence. “The ICO is taking an aggressive stance on breaches.”