Marriott settles multiple data breaches for $ 52M

Marriott International Inc. has agreed to pay a $ 52 million penalty to settle three large data breaches.
In a proposed complaint, the Federal Trade Commission (FTC) states that Marriott and its subsidiary Starwood Hotels & Resorts Worldwide LLC have deceived consumers by claiming to have decent and appropriate data security.
“Despite these claims, the companies unfairly failed to deploy reasonable or appropriate security to protect personal information,” the FTC says in a press release.
The U.S. marketing regulator states there was no appropriate password control, network segmentation or log and monitor network environment. Furthermore, software and systems were outdated and no adequate multifactor authentication was deployed.
The companies’ failure to implement reasonable data security led to three major data breaches between 2014 and 2020. During the incidents, malicious threat actors were able to obtain passport information, payment card numbers, loyalty numbers, dates of birth, email addresses, and personal information from more than 344 million customers worldwide.
Marriott agreed to pay a $ 52 million penalty to 49 states and the District of Columbia to resolve similar data security allegations.
The hotel companies must also implement a comprehensive security program to beef up the protection of customer data. They also have to adopt a policy to retain as little personal information as necessary for only as long as is reasonably necessary.
Furthermore, all U.S. customers with a request to review unauthorized activity in their Marriott Bonvoy loyalty rewards accounts, must be compensated by restoring all loyalty points that were stolen.
Lastly, Marriott and Starwood must provide a link for customers to request deletion of personal information associated with an email address or loyalty rewards program.
“Marriott’s poor security practices led to multiple breaches affecting hundreds of millions of customers. The FTC’s action today, in coordination with our state partners, will ensure that Marriott improves its data security practices in hotels around the globe,” Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, said in a statement.
Your email address will not be published. Required fields are marked