Hotel chain Marriott agrees to US$52m settlement over data breaches impacting 344m

Marriott hotel chain agrees to $52 million settlement following data breaches affecting 344 million people


Marriott and its subsidiary Starwood also agreed to improve their information security after data security breaches.

Hotel chain Marriott and its subsidiary Starwood have agreed to undergo a comprehensive data security program to resolve Federal Trade Commission accusations that the companies failed to properly protect customer data, following three data breaches between 2014 and 2020 that exposed the data of more than 344 million customers.

Marriott and Starwood also agreed to offer customers the opportunity to request deletion of their personal information, to have their loyalty programs reviewed, and to restore stolen loyalty points.

Marriott also agreed to pay US$52 million in a separate settlement to the District of Columbia and 49 states over similar security issues.

The FTC argued that Marriott and its subsidiary misled customers by “claiming to have reasonable and appropriate data security,” and yet failed to deliver on that promise. According to the FTC, Marriott and Starwood did not have appropriate password, access or firewall controls in place, or proper network segmentation.

Additionally, they had not properly updated their software, logged and monitored network activity, or used multi-factor authentication.

Because of these “security breaches,” Marriott and its subsidiary suffered three data breaches in the space of six years. A 2014 breach affecting the credit card information of more than 40,000 customers went unnoticed for 14 months before Marriott finally notified its customers, and a second breach in 2014, this time affecting 339 million customer records worldwide, remained unnoticed until September 2018.

The third breach occurred in 2018 but was not detected until 2020, this time affecting 5.2 million guest records. This breach compromised “names, mailing addresses, email addresses, phone numbers, month and day of birth, and loyalty account information.”

Under the settlement agreement, Marriott and Starwood will be required to implement a data minimization policy, certify their compliance with a robust data security program to the FTC annually for 20 years, review their loyalty rewards program and provide a link for customers to request deletion of their personal data.

“Marriott’s poor security practices have led to multiple breaches affecting hundreds of millions of customers,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection, said in a statement.

“The FTC’s action today, in coordination with our state partners, will ensure that Marriott improves its data security practices at hotels around the world.”
