Written by James Orme Mon 6 Apr 2020

Both companies are struggling with sharp reductions in travel following Covid-19 outbreak

The UK Information Commissioner’s Office responsible for enforcing compliance with data regulations has deferred £280 million in fines handed out to British Airways and Marriott Hotels for data breaches.

British Airways was landed with a record £183 million in July 2019 over a 2018 data breach that saw 380,000 customer payment cards compromised. While Marriott is facing £99 million fine, also issued in July 2019, over a data leak caused by Chinese hackers that affected around 339 million customers.

UK news website Politico reported that Marriott’s fine is delayed until June 1, while Jon Baines, data protection adviser for UK law firm Mischon de Reya, wrote a blog post citing a section in BA parent IAG’s annual report showing the airline’s fine had been delayed until 18 May.

It is the second time the fines have been pushed back. In January both companies used the ICO’s quasi-appeal mechanism to successfully postpone their fines for three months.

British Airways is currently reckoning with the economic impacts of the coronavirus and it is thought the extension was permitted to give the airline time to weather the outbreak.

Last week BA was forced to suspend more than 30,000 staff until the end of May under the UK government’s furlough scheme. BA’s parent, IAG, also announced a reduction in seat capacity by 90 percent in April and May compared with last year.

Marriott has also been hit hard by the drop off in travel as businesses and holidaymakers roundly cancel planned trips in response to Covid-19. In March, CEO Arne Sorenson, announced he would not be taking his salary for the rest of the year and described the pandemic as “like nothing we’ve ever seen before”.

As if the company didn’t have enough to deal with, it also suffered a second major breach last month affecting 5.2 million customer records.