Astonishing theft of up to 500 million people’s personal data shows the need for genuine cyber security.
We live at the dawn of what has been dubbed the Information Age, a time of stunning technological change – on a par with the Industrial Revolution – that has already transformed the world and will continue to do so.
However, if anyone had any notion that criminals, despotic regimes and others with malign intent would not seek to exploit such rapid developments, then the theft of personal information from a database of up to 500 million customers of the Marriott International hotel group should put them straight.
It should also act as a significant wake-up call to companies and governments who wish to make a success of the Information Age by ensuring it works for ordinary people and does not become a lawless era, a cyber ‘Wild West’ in which the digitally clumsy fall prey to more dextrous, but immoral, minds.
There have been previous large-scale data hacks, but this latest incident – the second-largest in history – has some alarming features beyond its sheer scale.
The thieves may now be in possession of personal details like name, address, phone number, passport number, bank account details and date of birth, which represents quite a coup for those skilled at identity theft and online fraud, if that is their motive. Also, the hack began in 2014 and was only discovered on 10 September this year. According to one expert, four years is an unusually long time for such a breach to occur, but the average detection time of 200 days is hardly encouraging.
Every major economy now depends, to a significant extent, on the ability to share large amounts of data at the touch of a button. The system has become, as the saying goes, too big to fail. There will always be a temptation for companies to try to brush problems under the carpet to minimise the reputational damage.
In the EU, the General Data Protection Regulation came into force in May, billed as the “most important change in data privacy regulation in 20 years”. Under its provisions, organisations can be fined up to 20 million euros (about £17.8 million) or four per cent of their annual global turnover for failing to handle someone else’s data correctly.
It remains to be seen if Marriott is now in trouble and also whether these rules are indeed tough enough.
But they will need to be if the Information Age is to avoid becoming the Stolen-Information Age.