Skip to main content Skip to page footer

Personal data breach: UK Data Protection Authority (ICO) fines British Airways and Marriott twice in record time

The fines, £20 million (approximately €22 million) for British Airways and £18.4 million (approximately €20 million) for Marriott, follow data breaches that made a large amount of personal data accessible to third parties. In the case of British Airways, the breach involved the data of approximately 430,000 people, including surnames, first names, addresses and, for some of them, their banking data (credit card numbers and CVV codes). As regards the Marriott hotel group, 339 million customer accounts were affected, including 30 million European accounts containing surnames, first names, emails and passport numbers.

These record-breaking sanctions underline the urgent need for enhanced security measures for personal data processing, and for regular checks on their effectiveness and reliability over time.