Last month, apologies were issued and testimony was given in relation to the massive Marriott cyber attack that saw some 500 million people’s records exposed.
Marriott International Inc.’s chief executive, Arne Sorenson, reportedly appeared before a U.S. Senate committee to testify. As part of his written testimony, an apology was issued, although the company is said to have declined to comment on the developments.
There are stark differences between how the U.S. deals with companies in the wake of huge data breaches and how the U.K. deals with them. Although we have the Information Commissioner’s Office (ICO), which can issue fines in the millions under GDPR, the government rarely gets involved in the same way the U.S. does. However, victims in the U.K. can still be eligible to claim data breach compensation. This is important to remember.
Positive action in wake of the Marriott cyber attack
News of the testimonies and apologies is positive action in the wake of the monumental Marriott cyber attack. We continue to keep a close eye on developments with the ICO to see how far any GDPR fine may go.
Any GDPR fine could easily run into the hundreds of millions of pounds.
For the victims, it’s important to know that you can be eligible to make a claim for data breach compensation. With some 500 million victims, some of whom had their passport information and payment card data exposed, this was a serious incident.
What have we learned from the Marriott cyber attack?
We’ve learned a lot about data protection and the concerns over breaches in the wake of the Marriott cyber attack. This company is huge, and the incident showed just how far-reaching and how bad a massive data breach event could get.
Big businesses can be no better at protecting data than small-to-medium enterprises.
It exposed (again) that some big companies may not be equipped to protect the data they hold. It reminded us that some boards and some of the people in charge may be oblivious to the risks their companies could face.
According to the Harvard Business Review, many of the Starwood cybersecurity and IT staff were let go when the merger between Starwood and Marriott took place. Given that it was only the Starwood systems that were exposed in this breach, this suggests that these cost-saving measures did not account for cybersecurity at all. This again demonstrates the potential naivety when matters like cybersecurity are not appropriately factored into big business changes like mergers.
Ultimately, the Marriott cyber attack was very preventable. The question of how it wasn’t prevented or spotted earlier is worrying.
The question as to who’s next is just as concerning.