Marriott Settles for $52M Over Major Data Breaches, Commits to Enhanced Cybersecurity Measures
October 9, 2024
As part of the settlement, Marriott International Inc. will pay $52 million to address claims related to these breaches, which affected over 344 million customers globally.
The Federal Trade Commission (FTC) and attorneys general from 49 states and the District of Columbia have announced settlements with Marriott following investigations into three significant data breaches that occurred between 2014 and 2020.
The breaches exposed sensitive customer information, including passport details, payment card numbers, loyalty program numbers, and email addresses, raising serious concerns about data security.
One of the most significant breaches began in July 2014 and went undetected until September 2018, compromising 339 million guest account records and 5.25 million unencrypted passport numbers.
The FTC's complaint highlighted Marriott's inadequate data security measures, including poor password controls and a lack of network monitoring, which contributed to the breaches.
In early 2020, Marriott discovered unauthorized access to guest information linked to two employees at a franchised property, affecting approximately 5.2 million guests.
The hotel chain will undergo independent third-party reviews of its security program every two years for up to 20 years to ensure compliance with the new security measures.
Marriott will also enhance oversight of vendors and franchisees and assess the information security of future acquisitions to prevent similar breaches.
As part of the settlement, Marriott is mandated to implement a comprehensive information security program to enhance its cybersecurity practices and consumer protections.
The company is required to minimize data collection and establish strict requirements for consumer data security, including encryption and intrusion detection.
In a statement, Marriott emphasized its commitment to protecting guest data and mentioned ongoing investments in cybersecurity measures to address these vulnerabilities.
The settlement was announced on October 9, 2024, and reflects Marriott's commitment to improving its cybersecurity practices following a decade of persistent issues.
Summary based on 18 sources
Sources
The Verge • Oct 10, 2024
Marriott agrees to pay $52 million settlement after multiple data breaches
CNET • Oct 9, 2024
Marriott to Boost Data Protection Practices as Part of Deal With FTC