Regulators in Turkey have issued Marriott International with an administrative fine of TL 1.5 million (£213,122) due to the impact of the hotel chain’s five-year-long data breach on the country’s citizens.
The data breach, which affected millions of guests globally who were listed on Marriott International’s Starwood Division database, compromised the private data of 1.2 million customer records from Turkey.
The precise number of individuals affected by the cyber incident has not yet been calculated.
An administrative fine of TL 1.5 million was imposed by Turkey’s Personal Data Protection Board (KVKK) following a review of statements submitted by Marriott on 4th December 2018 and 28th March 2019.
Data breaches suffered by the global hotel chain took place between 2014 and 2018. Among data exposed were birth dates, passport details, emails, payment card information and travel data.
Following Marriott’s notification of the incident to the KVKK, a review board found that 1.24 million Marriott customers (of the approximately 383 million customer records lost) lived in Turkey.
Due to the manner in which the customer data was stored, Turkish officials have not yet been able to put a precise figure on the number of the country’s victims. The review board also accused Marriott International of failing to conduct necessary inspections and cyber security audits over the four-year course of the record-breaking data breach.
The board has also imposed an administrative fine of TL 550,000 on Hong Kong’s Cathay Pacific airline following a data breach which compromised the private data of 1,286 Turkish nationals.
On 7th May 2018, engineers at the global carrier flagged up suspicious computer activity which was eventually traced to a cyber-attack that had taken place on 13th March the previous year.
Among the data exposed were names, nationalities, phone numbers, birth dates and email addresses, while 155 people also had passport details exposed. The KVKK has also opened an official probe into the notification of Cathay Pacific’s data breach.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/