Going on holiday is supposed to be a time to relax and forget about the struggles of day-to-day life. A time when you can set aside all things work and worry-related and just chill. Unfortunately, the modern world has something else in mind for us.
Digital transformation within the travel and leisure industry has, no doubt, led to process efficiencies through automation. These efficiencies translate into lower operating costs; the benefits of which are often passed on to customers in the form of lower prices for flights and accommodation, or a faster check-in at your ports of departure and destination.
At the same time, digitalisation has created a big data landscape that is rich with personally identifiable information; including biometric, identity, financial and even medical data. Naturally, there are risks associated with the processing of this sensitive information. Data breaches, whether accidental or malicious, have wide-ranging implications and the victims of it may not discover the impact for years.
A recent article for McKinsey explores How Airlines Should Manage IT Failures and Security Breaches. Whilst the scope of the article covers more ground than just data security, it does highlight several recent cyberattacks targeting airlines that have exposed the records of millions of passengers. Airlines seem to have been particularly hard hit in recent years, with Japan Airlines, Cathay Pacific and British Airways all suffering notable breaches.
The types of data that have been compromised range from birth and address records to passport numbers, credit card details and even travel itineraries. The loss of this type of data is more than just a nuisance. It exposes the victims to privacy and personal security issues, and it exposes the organisation to financial costs, a loss of reputation and significant financial penalties.
Last year, it was revealed that the guest reservation database of Marriott’s Starwood hotel chain had been compromised by an unauthorised party. The breach exposed the records of over 300 million guests and resulted in $123million (USD) fine under the auspices of the GDPR.
Government agencies are also not immune to data breaches. Last year, for example, the US Customs and Border Protection Agency fell victim to a supply chain attack. The malicious action compromised over 100,000 records, including photographs of travellers faces and car license plates.
As systems become increasingly connected, and data is shared across private and public network infrastructure, organisations need to be more security conscious than ever. Global Ethernet and Internet protocol networks are not bulletproof. Data breaches will happen. The only way to ensure the privacy of the data, and avoid fines for qualifying breaches under stricter regulations, is to protect the data itself with end-to-end encryption.