United Kingdom
United States
Asia Pacific
Hilton fined for delay in disclosing data breach
Hilton has been ordered to pay a $700,000 penalty for failing to disclose two separate payment card data breaches promptly enough.
More than 360,000 accounts of customers were exposed in two malware attacks which began in November 2014 and again in April 2015 but the company didn’t inform customers until November 2015.
The fine will be paid to the states of New York and Vermont which conducted a joint investigation.
Their respective state attorney generals agreed the settlement with the company.
"Lax security practices like those we uncovered at Hilton put New Yorkers’ credit card information and other personal data at serious risk," said Eric Schneiderman, New York’s attorney general.
Under the settlement terms Hilton has pledged to disclose any future breaches in a more timely fashion, strengthen its cyber security team and conduct regular security diagnostic tests on systems vulnerable to malware intrusions.
"Hilton is strongly committed to protecting our customers’ payment card information and maintaining the integrity of our systems," Hilton said in a statement.
In May 2018, tighter data protection rules will come into force in the UK that will mean companies risk fines of up to 4% of their global turnover if they fail to protect the data of their customers, staff and suppliers.
Travel companies are being urged to act now to make sure they’re ready to comply with new laws under which claimants will no longer need to demonstrate a financial loss as a result of the breach but can claim thousands of pounds for anxiety.
The details of the rules have not yet been finalised but will mean companies must ensure they have permission from their customers to hold their data for as long as is deemed ‘reasonable’.
To prepare for the changes, travel companies are being advised to scrutinise their cyber risk, identify weak points, test vulnerabilities, train staff to be able to recognise phishing, download the latest virus and security software and back-up data.
They should also have a clear data protection strategy in place, and also be checking that their suppliers have got a good protection policy in place.
Bev
Editor in chief Bev Fearis has been a travel journalist for 25 years. She started her career at Travel Weekly, where she became deputy news editor, before joining Business Traveller as deputy editor and launching the magazine’s website. She has also written travel features, news and expert comment for the Guardian, Observer, Times, Telegraph, Boundless and other consumer titles and was named one of the top 50 UK travel journalists by the Press Gazette.
Kittipong Prapattong’s Plan for Thailand’s Tourism Growth: Taxes, Visas, and Campaigns
James Jin: Didatravel’s Journey from China to Global Reach and the Impact of AI on Travel
Darien Schaefer on Pensacola’s Evolution: From Small Town to Global Destination
Florida Tourism’s Next Frontier: Dana Young on Expanding Beyond the Classics
Patrick Harrison on Tampa Bay Tourism’s Resilience and Marketing Strategy
Bubba O’Keefe on Clarksdale’s Vibrant Music Scene
Commemorating Elvis and Embracing Tupelo’s Culture with Jennie Bradford Curlee
Craig Ray and the Expansion of the Blues Trail
Presenting Mississippi’s Cultural Trails with Katie Coats
Robert Terrell: A Journey Through BB King’s Influence
Rochelle Hicks: Celebrating Mississippi’s Musical Legacy
Exploring Jacksonville with Katie Mitura: The Flip Side of Florida
Dozens fall ill in P&O Cruises ship outbreak
Turkish Airlines flight in emergency landing after pilot dies
Boy falls to death on cruise ship
Unexpected wave rocks cruise ship
Storm Lilian travel chaos as bank holiday flights cancelled