Is the parent company of the airline “British Airways” facing a record GDPR fine of GBP 183.4 million? The parent company, International Consolidated Airlines Group SA, has one month to lodge an objection with the UK GDPR supervisory authority, the “Information Commissioner’s Office” [ICO]:

“British Airways last year said about half a million passenger records were accessed in a cyberattack that took place between August 21 and Sept. 5. The airline carried more than 45 million passengers in 2018. The airline group said Sept. 6 that it had discovered and resolved the breach of its website and app and that police were notified. The ICO said Monday that a variety of information was compromised by poor security arrangements at the company, including login, payment-card and travel booking details as well as name and address information.” WSJ [Paywall]

The reason for the size of the fine became known yesterday, as the WSJ (The Morning Risk Report) also reports: “U.K. Information Commissioner Elizabeth Denham said her office considered cybersecurity gaps, among other factors, in proposing Marriott International Inc. and British Airways’ parent company pay the biggest fines to date under Europe’s data-privacy laws. In an interview, Ms. Denham said the companies’ size, the number of people affected and the length of time hackers had access to data before they were detected factored into the U.K. regulator’s calculation of the potential fines, revealed this week.”

The international hotel chain Marriott International Inc. [Marriott] is also facing a fine, of GBP 99 million. The reason for the size of this fine is the following finding by the UK supervisory authority ICO: when Marriott acquired Starwood Hotels & Resorts, no adequate “due diligence” review was carried out, as the news agency “Bloomberg” reports in detail: