![ICO issues company with £18.4 million fine for not keeping customer data secure](https://chadlaw.dnsupdate.co.uk/wp-content/uploads/2018/10/GettyImages-840610244-740x388.jpg)
12 Nov 2020
ICO issues company with £18.4 million fine for not keeping customer data secure
The Information Commissioner’s Office (ICO) is the UK’s independent body that oversees all things data protection and compliance.
The ICO has fined Marriott International Inc. (the international hotel chain) under GDPR a substantial sum of £18.4 million for failing to keep millions of customers’ data secure following a cyber-attack on Starwood Hotels and Resorts Worldwide Inc. (which Marriott bought out in 2018) back in 2014.
The unknown attacker installed a device in the Starwood system which allowed them to access the content of the device remotely. As a result, the attacker had unrestricted access to that device, and to other devices on the network to which the account would have had access. Customer data was then accessed and exported by the attacker.
The personal data involved ranged from names, email addresses and phone numbers to passport numbers and arrival/departure times. It is estimated that around 339 million guest records were affected, although the precise number is unclear.
The ICO found that Marriott had failed to put in place appropriate technical or organisational measures to protect the personal data kept in its systems. The ICO established four principal failures as follows:
- Insufficient monitoring of privileged accounts;
- Insufficient monitoring of databases;
- Control of critical systems; and
- Encryption.
If you’re unsure what technical or organisational measures your business can take to comply with GDPR and best practice, contact Chadwick Lawrence’s Regulatory team today on 01484 519 999 or email HarveyBlake@chadlaw.co.uk.
We can carry out a full GDPR audit of your business’ data compliance systems, policies and practices and make recommendations on how you can keep the data of your customers, employees and third parties safe.