More data breach fines

Flying off to a nice hotel somewhere?

British Airways gets hammered with a record £183m fine for data breach
The incident came to light last September, when British Airways revealed that a sophisticated hack had led to 380,000 customer accounts being compromised, although that initial figure turned out to be an underestimation, with some 500,000 people actually affected, the ICO reckons.

Those folks had the likes of names, addresses, emails, credit card numbers and expiry dates – as well as the security codes on the rear of cards – stolen over a two-week period beginning on August 21, we were told at the time. Although the ICO claims that the thefts began occurring as early as June 2018.

Marriott to face £99 million GDPR fine from ICO over November 2018 data breach
The breach revealed in November 2018 involved the leak of 500 million customer records from the guest reservation database of Marriott’s Starwood Hotels and Resorts division. The attackers – who are unknown but believed to have links with China’s Ministry of State Security – appear to have had access to the system since 2014.

The organisation only became aware of the compromise in September 2018 following an alert from an internal security tool over an attempt to gain access to the reservation system. The company claims that it “quickly engaged” a group of security experts to investigate the apparent attack and “learned during the investigation that there had been unauthorised access to the Starwood network since 2014”.

Update 15/07/2019

Meanwhile.

Facebook’s $5 billion FTC fine is an embarrassing joke
Facebook’s stock went up after news of a record-breaking $5 billion FTC fine for various privacy violations broke today.

That, as The New York Times’ Mike Isaac points out, is the real story here: the United States government spent months coming up with a punishment for Facebook’s long list of privacy-related bad behavior, and the best it could do was so weak that Facebook’s stock price went up …

From some other perspectives, that $5 billion fine is a big deal, of course: it’s the biggest fine in FTC history, far bigger than the $22 million fine levied against Google in 2012. And $5 billion is a lot of money, to be sure. It’s just that like everything else that comes into contact with Facebook’s scale, it’s still entirely too small: Facebook had $15 billion in revenue last quarter alone, and $22 billion in profit last year …

That’s actually the real problem here: fines and punishments are only effective when they provide negative consequences for bad behavior. But Facebook has done nothing but behave badly from inception, and it has only ever been slapped on the wrist by authority figures and rewarded by the market. After all, Facebook was already under a previous FTC consent decree for privacy violations imposed in 2011, and that didn’t seem to stop any of the company’s recent scandals from happening. As Kara Swisher has written, you have to add another zero to this fine to make it mean anything.

Author: Terry Madeley

I enjoy reading about art and design, culture, data, education, technology and the web. I'm confused by a lot of it, to be honest.
