
Marriott plans to appeal against this £99 million fine, issued over a breach in which credit card details, passport numbers and dates of birth were stolen. Arne Sorenson, president and chief executive of Marriott International, said: “We are disappointed with this notice of intent from the ICO, which we will contest… We deeply regret this incident happened. We take the privacy and security of guest information very seriously.”
Why so serious?
Well, with this fine added to the mounting bill for fixing the shortcomings in Marriott’s security systems, this has already become one of the costliest breaches in history – and it doesn’t end there. The costs of a hack can run on for years. With so many diverse factors to account for, the total cost can only be estimated, especially for the more recent cases. However, here at URiM, we have sought to compile a more digestible list of the Top 10 most expensive cyber security breaches of all time, intended to be illustrative rather than definitive. Let the salutary lessons begin!

- 0. Uber: ‘Shut up and drive’ … and it didn’t pay off (Thanks, Rihanna)
Heralded as ‘one of the biggest embarrassments and legal tangles the ride-hailing company has suffered’, Uber was criticised not only for lacking security governance over its user and employee data, but also for taking a ‘Ford Siesta’ on relaying details of the breach to the 57 million customers and drivers it affected. In fact, the transport firm paid hackers $100k to delete the data (including 600k driver licence details), using its ‘bug bounty’ program, which was designed to reward security researchers who report flaws in the company’s software.

“Uber’s decision to cover up this breach was a blatant violation of the public’s trust,” explains California Attorney General Xavier Becerra. “Consistent with its corporate culture at the time, Uber swept the breach under the rug in deliberate disregard of the law.” Now, the company appears fully prepared to buckle up and regain the trust of its customers, which, Uber Chief Legal Officer Tony West admits, is no easy feat. He states: “We’ll continue to invest to keep our customers and their data safe and secure” – sentiments backed by Uber’s new CEO, Dara Khosrowshahi, who fired the security officials responsible for the breach and pledged to change how the firm operates in order to prevent future cyber vulnerabilities.

If only Uber could make its getaway with no more than a dented reputation. Alas, this car-crash of a situation has resulted in further pricey legal action, brought by drivers, customers and the cities of LA and Chicago, to the tune of another $148 million. That’s a hefty penalty fare. Claimants suggest this action will deliver ‘a national rebuke against Uber’s history of flouting laws and basic business ethics’.