Skip to main content

Data Breach Costs Hilton $700,000 In Settlement

By November 10, 2017June 21st, 2022Cybersecurity

Hilton Hotels is in hot water, having recently been fined a hefty $700,000 in an agreement with the states of New York and Vermont over the company’s mishandling of a pair of recent data breaches.

According to official statements released by investigators, the company was found to have made two glaring errors: failing to maintain reasonable data security, and failing to notify victims of the data breach in a timely manner.

This second was seen as being particularly egregious, given that the company waited more than nine months before notifying its customers of the first of the two breaches. Eric T. Schneiderman, the Attorney General of the state of New York, said:

“Businesses have a duty to notify consumers in the event of a breach and protect their personal information as securely as possible.

Lax security practices like those we uncovered at Hilton put New Yorkers’ credit card information and other personal data at serious risk. My office will continue to hold businesses accountable for protecting their customers’ personal information.”

According to the particulars of the agreement, New York State will receive $400,000 of the damages, and Vermont will receive $300,000.

The lesson here is as simple as it is painful. If you don’t take proper precautions and implement reasonable security when it comes to protecting your customers’ data or inform your impacted customers in a timely fashion, you’ll eventually pay the consequences.

Those consequences took two forms. First and most obvious to the eye is the hefty fine itself. Although Hilton is a large corporation with deep pockets, $700,000 isn’t exactly pocket change, and it’s bound to sting. Second, the company lost an enormous amount of face with its customers and tarnished its image and reputation. The lost trust arising from their mishandling will take far longer to rebuild than it will for the company to make up the financial loss represented by the fine.

File this one away under how not to handle a data breach.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.