ICO issues notice of major fines for BA and Marriott

British Airways (BA) and US hotel group Marriott are facing significant fines, following high profile data breaches reported in 2018.

The Information Commissioner’s Office (ICO) has issued notices of intent to fine BA a record £183m, whilst Marriott faces a £92.2m penalty. You can read the ICO’s statements on their website.

The data breach which affected British Airways was reported in September 2018. Customers on the BA website were diverted to a fraudulent site, where details of around 500,000 users were stolen. The airline has said that it is “surprised and disappointed” by the fine. The NCSC has previously issued advice for British Airways customers.

Marriott’s breach, which was reported in 2018 but is thought to date back to 2014, saw millions of users affected. Marriott also expressed its disappointment, stating the company will “contest” the ICO penalty. The NCSC has also provided advice for Marriott customers.

The ICO has the power to act against organisations that are deemed to have not taken appropriate care of users’ data and those who infringe the General Data Protection Regulation (GDPR), which came into force last year.