Marriott International has reached a $52 million settlement and committed to strengthening its data security measures to resolve investigations related to significant data breaches impacting over 300 million customers globally.
On Wednesday, the Federal Trade Commission (FTC) and attorneys general from 49 states and the District of Columbia announced the terms of separate settlements with Marriott. These investigations focused on three data breaches that occurred between 2014 and 2020.
The breaches allowed “malicious actors” to access sensitive customer information, including passport details, payment card numbers, loyalty account numbers, birth dates, email addresses, and other personal data, according to the FTC’s proposed complaint.
The FTC accused Marriott and its subsidiary, Starwood Hotels & Resorts Worldwide, of failing to implement adequate data security measures. The agency highlighted shortcomings in password controls, network monitoring, and other security practices that contributed to the breaches.
As part of the settlement with the FTC, Marriott will implement a comprehensive information security program and offer U.S. customers the option to request the deletion of personal information linked to their email addresses or loyalty account numbers.
In addition to the FTC settlement, Marriott agreed to similar terms with the attorneys general, including the $52 million penalty, which will be distributed among the states.
In a statement released on Wednesday, Bethesda, Maryland-based Marriott clarified that it did not admit liability as part of the settlements and emphasized that it has already initiated enhancements to its data privacy and security protocols.
In early 2020, Marriott discovered unauthorized access to guest information through the login credentials of two employees at a franchised property, affecting approximately 5.2 million guests worldwide.
In November 2018, Marriott disclosed a massive breach where hackers accessed information on as many as 383 million guests, including unencrypted passport numbers for at least 5.25 million guests and credit card details for 8.6 million. This breach involved hotel brands previously operated by Starwood, which Marriott acquired in 2016. The FBI led the investigation, suspecting that the hackers acted on behalf of the Chinese Ministry of State Security, akin to the CIA.
hii Aditi Sahu this side..
As an author and writer specializing in investment and finance , I am dedicated to delivering insightful articles and news stories that inform and engage the investment community . My focus is on providing timely and relevant content that covers market trends , innovative strategies , and key financial development . My goal is to equip investors with the knowledge and insights needed to make informed decisions and succeed in a dynamic financial environment.