Hilton Credit Card Data Breach Settlement Includes A $700,000 Fee
In order to settle a probe into a pair of credit card data breaches that affected some of its guests a couple years back, Hilton Worldwide Holdings will pay a $700,000 fee and also work to improve its security to help ensure future incidents don't occur. The settlement was announced by the attorneys general for Vermont and New York in a statement earlier today.
The first data breach happened in 2014 and the second in 2015, both resulting from malware; allegations against the company accused it of waiting about 9 months to alert customers after the first breach and about 3 months after the second.
As well, the company was accused of failing to properly secure its data, leaving it vulnerable to hackers. The disclosure, as we've previously reported, was ultimately made in November 2015.
Waiting a long while to disclose a data breach is a problem we've seen elsewhere, and is one strong criticism against Yahoo over its recently revealed breaches, for example. Failing to alert customers in a timely fashion delays their ability to take steps to secure their bank accounts, credit reports, or whatever may be exposed as a result of the breach.
Under this settlement, Hilton has agreed to disclose any future security breaches more quickly. As well, the company will better monitor for future threats, and will also follow the card industry's data security standards, Reuters reports. As for the monetary aspect of the settlement, Vermont will get $300,000 and New York will get the remaining $400,000.
SOURCE: Reuters