Marriott Settles with FTC: Major Overhaul of Data Security After Multiple Breaches Affecting Millions

October 10, 2024
Marriott Settles with FTC: Major Overhaul of Data Security After Multiple Breaches Affecting Millions
World News
World News
US News
US News
Tech
Tech
Cybersecurity
Cybersecurity

  • Although Marriott has agreed to these terms, the company has made no admission of liability regarding the breaches.

  • The settlement also includes provisions for Marriott to restore stolen loyalty points and provide customers with options for enhanced security, such as multi-factor authentication.

  • The settlement, which involves 49 state attorneys general and the District of Columbia, addresses allegations related to data security breaches that compromised the information of over 344 million customers worldwide.

  • Additionally, a breach in early 2020 affected about 5.2 million guests due to compromised login credentials of employees at a franchised property.

  • FTC Director Samuel Levine emphasized that Marriott's inadequate security practices contributed to these breaches and highlighted the necessity for improved data security measures.

  • As part of the settlement, Marriott will enhance its data privacy protocols, including allowing U.S. customers to request the deletion of personal information linked to their accounts.

  • Marriott is also required to conduct independent assessments of its information security program every two years and certify compliance with the FTC for the next 20 years.

  • The U.S. Federal Trade Commission (FTC) announced a settlement with Marriott International and its subsidiary Starwood Hotels & Resorts, mandating the implementation of a comprehensive information security program following multiple data breaches that occurred between 2014 and 2020.

  • These breaches resulted in unauthorized access to sensitive customer information, including passport details, payment card numbers, and email addresses.

  • A significant breach in November 2018 exposed data from approximately 383 million guests, including unencrypted passport numbers and credit card information.

  • The FBI investigated the 2018 breach, suspecting that the hackers were associated with the Chinese Ministry of State Security.

  • This settlement follows a decade marked by multiple data breaches that have raised serious concerns about Marriott's data security practices.

Summary based on 11 sources

Get a daily email with more World News stories

Sources

Marriott agrees to pay $52 million, beef up data security to resolve probes over data breaches

AP News • Oct 9, 2024

Marriott agrees to pay $52 million, beef up data security to resolve probes over data breaches
If you're a Marriott customer, FTC says the breach-plagued hotel chain owes you

ZDNET • Oct 9, 2024

If you're a Marriott customer, FTC says the breach-plagued hotel chain owes you
Marriott to Boost Data Protection Practices as Part of Deal With FTC

CNET • Oct 9, 2024

Marriott to Boost Data Protection Practices as Part of Deal With FTC
Marriott agrees to pay $52 million, beef up data security to resolve probes over data breaches

ABC News • Oct 10, 2024

Marriott agrees to pay $52 million, beef up data security to resolve probes over data breaches

More Stories