Potential $915M Penalty for GDPR Breach Pending on Marriott Hotels Group


An investigation into a General Data Protection Regulation (GDPR) breach involving the Marriott Hotels group revealed that fewer people were affected than originally estimated. In spite of this, the Marriott Hotels group still faces a $915 million financial penalty for violating the EU Regulation.

It was initially reported that the breach compromised the personal information of approximately 500 million individuals. It is now reported that only about 383 million persons were affected. The compromised information is thought to include unencrypted passport data and 20.3 million encrypted passport numbers. The data can probably be used for illegal dealings, such as assuming another person's identity.

The investigation is ongoing in the places where the Marriott Hotels group does business. Local data protection agencies are looking at the data breach and evaluating its effect. Under the GDPR, a violating entity can be hit with a maximum penalty of approximately €20 million or 4% of its global income for the previous year, whichever is greater. Marriott had a yearly global revenue of $22.89 billion in 2017. At 4% of that figure, the group may be asked to pay a $915 million penalty for a GDPR violation.

Marriott moved swiftly to avoid being fined the full amount. As a precautionary measure, the group offered compensation to every person who was possibly affected by the breach to help them get a new passport, minimizing possible future fraud. In addition, the Marriott Hotels group built an online portal to answer customers’ questions about the data breach. Customers with questions could also contact a dedicated call center.

All the same, present reports show that the Marriott Hotels group still has to deal with class action lawsuits in the United States, brought by plaintiffs in a number of U.S. states where the group allegedly breached local data protection laws. The Marriott group was charged with involvement in “deceptive, unconscionable, and substantially injurious practices.”

This incident shows that data protection is very important and must comply with the pertinent legislative requirements. Additionally, in case of a breach, it is vital to move right away to protect your clients' exposed data and to avoid serious financial penalties.