Failure of GDPR Compliance: Marriott Hotels Hit By A Data Breach Now To Pay A Fine Of £100m

Data breach incidents appear in the news every day, and they are not restricted to small or medium-sized organisations. You have probably noticed that data breaches keep hitting large organisations, and the Marriott cyberattack now joins that list. Personal data of more than 500m people, including credit card details, passport numbers, and dates of birth, has been hacked. Many regard this incident as a “colossal” hack of Marriott International.

The company’s primary sources said that they became aware of this infringement early in September. As the investigation went on, however, it revealed that the unauthorised access to the database had occurred in 2014. The hacked data varied from customer to customer. The information obtained by the hackers contained names, mailing addresses, phone numbers, email addresses, and passport numbers. Although the credit card numbers were encrypted, the sources still cannot say whether the encryption keys were stolen as well.

The company said reservations at its Starwood properties, which include the Sheraton Grand Park Lane and Le Méridien Piccadilly in London and the Sheraton Grand in Edinburgh, had been affected by the incident. The first breach was identified in Starwood reservations for guests in the US on 8 September. The president of Marriott International, Arne Sorenson, tried to cover the situation by saying, “We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons to better moving forward.”

The fact which spiced up the situation: Marriott cyberattack of 500m guests linked to Chinese Spy Agency.

Cyber attacks are constant; only the victims change with each episode. The Marriott data breach created plenty of headlines and spicy stories, but no one knew who was behind it. According to the investigations, however, it was a Chinese intelligence-gathering effort that also hacked many more types of data, including the health and security clearance data of Americans. The news says that the hackers acted on the instructions of the Ministry of State Security and the civilian spy agency. This discovery came as the Trump administration was planning to target China’s trade, cyber and economic policies within days.

According to four government officials, they are planning to impose a fine on, and require an investigation of, the Chinese hackers working for the intelligence services. These four officials asked for their names to be kept hidden. As a result, the Trump administration decided to derestrict the reports to blunt the effect should the hackers reveal the identity of US government officials.

Marriott’s Revolutionary Steps to Rebrand Its Name and Prestige

The most admirable fact after this incident was that Marriott stayed strong and did not bend the knee to this massive hack. After the data breach, Marriott International announced a new loyalty program to replace its existing loyalty brands. The new program is named Marriott Bonvoy, and it will replace the current loyalty brands: Marriott Rewards, The Ritz-Carlton Rewards, and Starwood Preferred Guest. This restructuring is considered the second rebranding since April 2018, when Marriott integrated Starwood Hotels and Resorts Worldwide.

The Starwood program was the main reason behind the data breach reported in November 2018. The number of affected individuals was, however, brought down from 500 million to 383 million unique guests. The breach also included 5.25 million unencrypted and 20.3 million encrypted passport numbers. The New York Times declared this breach one of the largest in history. Marriott is willing to pay for the new passports.

No Threat – No Fret

Seers UK helps organisations to handle the challenges of GDPR compliance. Our experts can help your firm with a variety of best-practice GDPR solutions, from evaluating your current state of compliance and developing a remediation roadmap through to implementing a best-fit privacy compliance framework. The aim is to help you meet your GDPR compliance objectives. Seers provides training courses, books, compliance toolkits, software, staff awareness training, and consultancy services. Visit our professional services sector web pages for further details.