Tel: 01736 795753

ICO issues notices of intention to fine BA and Marriott

Source: Information Commissioner's Office | 17/07/2019

Following an extensive investigation, the Information Commissioner’s Office (ICO) has announced that it has issued a notice of its intention to fine British Airways (BA) £183.39 million for infringements of the General Data Protection Regulation (GDPR). If imposed, the fine will be a record amount in the UK for breach of data protection laws. The infringements relate to an incident in summer 2018 when cyber attackers gained access to the personal data of around 500,000 BA customers, due to poor security measures. User traffic to the BA website was diverted to a fraudulent site, where customer details were harvested by the cyber attackers. A variety of information was compromised by the poor security arrangements, including login, payment card and travel booking details, as well as name and address information. BA will have the opportunity to make representations to the ICO before it makes its final decision. The ICO noted in its announcement that BA has cooperated with its investigation and has made improvements to its security arrangements following the breach.

The ICO has also announced that it has issued a notice of intention to fine Marriott International, Inc. (Marriott) £99,200,396 for infringements of the GDPR in connection with a cyber incident affecting approximately 339 million guest records held globally in Starwood hotels' guest reservation database. The vulnerability apparently began when the systems of the Starwood hotels group were compromised in 2014. Marriott acquired Starwood in 2016, but the exposure of customer information was only discovered in 2018, at which point Marriott notified the ICO. The ICO found that Marriott had failed to undertake sufficient due diligence when it bought Starwood and should also have done more to secure its systems. Like BA, Marriott has cooperated with the ICO's investigation and has made improvements to its security arrangements following the breach. Marriott will now have the opportunity to make representations to the ICO as to the proposed findings and sanction.

The ICO is dealing with both cases as the lead supervisory authority on behalf of other EU member state data protection authorities. Under the GDPR, the data protection authorities in other EU member states whose nationals have been affected by the two breaches will also have the chance to comment on the ICO's findings.




Our Address

Greenwood Wilson
The Old School
The Stennack
St Ives
Cornwall
TR26 1QU

Contact Us

tel: 01736 795753
fax: 01736 798642
