Which? response as ICO fines Marriott International Inc £18.4million for failing to keep customers’ personal data secure

Kate Bevan, Which? Computing editor, said:

“It’s positive to see the Information Commissioner’s Office showing its teeth and sending a clear message to companies that it is unacceptable to play fast and loose with people’s personal data. However, our research earlier this year suggested that Marriott had not learned lessons from previous data breaches and still had serious vulnerabilities on its websites that could leave customers exposed to opportunistic cybercriminals.

“Some people will be frustrated if they’ve suffered financially and emotionally from this data breach but had no redress. The government should provide a much clearer route to this by allowing for an opt-out collective redress regime that deals with mass data breaches.

“Any consumers worried that they could have been affected by a data breach should change online passwords that might have been compromised and, where possible, enable two-factor authentication. They should also monitor bank and other online accounts as well as their credit report to guard against potential identity fraud.”

Notes to editors

• Marriott, British Airways and easyJet fail to learn data breach lessons as hundreds of serious security risks exposed by Which?
• Which? reveals the shocking scale of data theft following cyberattacks and calls for tough action against failing firms

Statement