Marriott to be fined £99m by ICO - Netwrix comments
July 2019 by Matt Middleton-Leal, general manager, EMEA
Following yesterday’s BA fine, the ICO has announced it is fining the Marriott International Hotel Group following its own recent data breach. Matt Middleton-Leal, general manager, EMEA & APAC at Netwrix has made the following comments in response:
“Coming hot on the heels of the record fine issued to BA yesterday, the penalty the ICO has imposed on the Marriott hotel group following its own recent data breach heralds a new era of greater regulatory power. Watchdogs’ barks may once have been considered worse than their bite, but this is no longer the case since the introduction of GDPR. Any company that routinely processes customer data has a serious duty of care to protect this, and is almost certainly on the radar of opportunistic and skilled hackers. Vast swathes of customer data were stolen in the Marriott case – 339m guests reportedly had their personal information exposed – which simply should not have been possible if robust network monitoring and detection had been in place. Indeed, rather basic failings (including the improper storage of encryption keys) are thought to have contributed to this incident.
“These vast fines should provide a stark warning to organisations that have failed to adapt their approach to security since the regulation came into effect. Compliance with regulation can in fact be achieved without a significant overhaul of workflows, but what is most important, as ever, is a change of mindset.”