Marriott data breaches and settlement

Summary

Marriott International has agreed to a $52 million settlement with 49 states and Washington, D.C., following a series of data breaches that compromised the personal information of over 334 million customers between 2014 and 2020. In addition to the financial penalty, the settlement requires Marriott to implement a comprehensive information security program and provide U.S. customers with options to request deletion of their personal data.

The breaches involved significant lapses in data security practices at Marriott and its subsidiary, Starwood Hotels & Resorts Worldwide, which Marriott acquired in 2016. The Federal Trade Commission (FTC) highlighted that the company failed to implement necessary security measures such as appropriate password controls, network monitoring, and timely software updates. The compromised data included sensitive information like passport numbers, credit card details, and personal identification, raising concerns about customer privacy and security. As part of the settlement, Marriott must also restore stolen loyalty points for customers upon request, reflecting a commitment to improve its data protection protocols moving forward.

Background of the Breaches

Marriott’s data security issues came to light in multiple incidents, the most notable being a massive breach disclosed in November 2018, which affected approximately 383 million guests. Subsequent investigations revealed that hackers accessed sensitive information using login credentials from employees at franchised properties. The FTC’s complaint underscores that Marriott misled customers about the adequacy of its data security measures, leaving them vulnerable to malicious activities.

Settlement Terms

The settlement reached with the FTC and state attorneys general includes several key provisions:

- Financial Penalty: Marriott will pay $52 million, which will be distributed among the participating states.
- Security Enhancements: The company is required to implement a robust information security program aimed at preventing future breaches.
- Customer Rights: U.S. customers will have the ability to request deletion of personal information linked to their accounts, ensuring greater control over their data.

Conclusion

This settlement marks a significant step in addressing the repercussions of Marriott’s data breaches and underscores the importance of stringent data security practices in the hospitality industry. The FTC’s actions aim to hold companies accountable for their security failures and protect consumer information in an increasingly digital world.

Marriott settles with the FTC for $52 million over data breaches (8.5/10)

/ Fast Company / Offers a broader context by discussing the parallel investigations and the scale of the breaches, yet lacks a unique voice, presenting information in a straightforward manner without deeper analysis.  Marriott International has agreed to pay $52 million and make changes to bolster its data security to resolve state and federal claims related to major data...

Marriott agrees to pay $52 million settlement after multiple data breaches (8/10)

/ The Verge / Highlights the FTC's strong stance on Marriott's security failures, providing detailed insights into the breaches and settlement terms, while also emphasizing the company's lack of accountability throughout.  Marriott agreed to pay a $52 million settlement to 49 states and Washington, DC, over a of that occurred between 2014 and 2020, affecting more than 334...