You are here: Home - Saving-Banking - News -

BLOG: Travel industry under threat from growing trend of cyber attacks

Written by: Aman Johal
It has been a tricky start to the New Year where data security is concerned as over 1.5 billion consumers had records breached in January alone. But consumers do have rights and protections.

The trend appears to continue from last year when the total number of breaches reached 7.9 billion – up 33% year-on-year.

Last month, MGM Resorts became the latest in a long line of businesses to suffer a data breach when it revealed the personal details of more than 10.6 million former guests had been exposed last summer.

Data such as full names, home addresses, phone numbers, emails, and dates of birth were leaked, with government officials and celebrities, including Justin Bieber, said to be among those who were affected.

A growing trend

MGM Resorts is not the only business in the travel industry to be targeted, with other companies in the sector falling foul to cybercriminals.

In 2018, it was revealed that the information of up to 500 million former guests at Marriott hotels had been exposed in a cyberattack. Personal data including credit card details and passport numbers were stolen, and the international hotel group has been issued with a provisional intent to fine an amount of almost £100m by the Information Commissioner’s Office (ICO).

Beyond hotel groups, two airlines – Cathay Pacific and British Airways – have also recently suffered significant data breaches of their own. The latter saw sensitive private and financial information of almost half-a-million customers exposed, leading to the ICO issuing a provisional intention to fine a record £183m and the possibility of a £3bn compensation claim pay-out.

It seems cybercriminals are targeting this industry because of the highly valuable data they can steal.

In particular, passport information, ID documents and financial data are highly prized – the kind of data that could lead to other criminal activities such as fraud and ID theft.

The most concerning aspect of the MGM breach is that the stolen data has reportedly been posted to a hacking forum, which could give cyber criminals around the world the ability to target affected individuals online. Unfortunately, this means the announcement of the MGM breach may just be the tip of the iceberg.

Business and government responsibilities

Businesses in this sector and beyond have an important responsibility to protect sensitive consumer data and they must appreciate the risks involved if they fail to do so. This means ensuring the best defences are in place and that staff are thoroughly educated in terms of data protection and effective cybersecurity.

Experts believe the BA data breach could have been avoided with more proactivity in the form of a bug bounty that may have cost them as little as a few thousand pounds. Similarly, some relatively cheap staff training could have prevented the New Year’s Honours list leak, where a member of staff inadvertently published the addresses of more than 1,000 recipients.

MGM took a gamble by having inadequate security measures in place to keep its customers’ data safe and must now face costs that extend beyond financial penalties and can include severe reputational damage.

In the UK, it falls on the Information Commissioner’s Office to fine companies, with penalties in the GDPR era ranging up to €20 million or 4% of the annual worldwide turnover of the preceding financial year; whichever is greater. Meanwhile, it is the role of the police and National Crime Agency (NCA) to prosecute hackers with punishments including prison sentences.

Consumer rights

Consumers who fall victim to a data breach may be entitled to bring a legal case for compensation against an organisation. The GDPR and the preceding Data Protection Act (DPA) 1998 enshrine the rights of victims in law to claim damages for the distress caused by the loss of control, or misuse, of personal information, as well as covering any financial losses suffered as a direct result of a cyber-attack.

Customers concerned they may have been affected by a data breach should keep a vigilant eye on their bank accounts and speak to their bank about what else they may need to do to secure any potentially compromised accounts.

Consumers can also change any login credentials associated with a breached organisation, and anywhere else where those same credentials have been used (although it is highly recommended to never re-use the same credentials for more than one account). Consumers should also keep a close eye on their credit reports for possible ID theft alerts, which could include an imposter applying for new credit in their name.

The combination of potential financial losses and the emotional and psychological stress suffered from a data breach is enough to ruin anyone’s holiday. It’s down to businesses in the travel industry and beyond to ensure consumers are protected; otherwise, their trip to paradise could turn into a holiday from hell.

Aman Johal is lawyer and director of consumer action law firm Your Lawyers

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

Everything you wanted to know about ISAs…but were afraid to ask

The new tax year is less than a fortnight away and for ISA savers or investors, it’s hugely important. If yo...

Your right to a refund if travel is affected by train strikes

There have been a wave of train strikes in the past six months, and for anyone travelling today Friday 3 Febru...

Could you save money with a social broadband tariff?

Two-thirds of low-income households are unaware they could be saving on broadband, according to Uswitch.

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

DIY investors: 10 common mistakes to avoid

For those without the help and experience of an adviser, here are 10 common DIY investor mistakes to avoid.

Mortgage down-valuations: Tips to avoid pulling out of a house sale

Down-valuations are on the rise. So, what does it mean for home buyers, and what can you do?

Five tips for surviving a bear market mauling

The S&P 500 has slipped into bear market territory and for UK investors, the FTSE 250 is also on the edge. Her...

Money Tips of the Week