Marriott Settles Data Security Breach for $52 Million
Marriott International, Inc. has agreed to pay a $52 million penalty to settle data security allegations brought by 49 states and the District of Columbia. The settlement resolves two incidents of security breaches that affected over 344 million customers between 2014 and 2020, according to the Federal Trade Commission (FTC).
In addition to the financial penalty, Marriott is required to offer its U.S. customers a way to request the deletion of their personal information and restore stolen loyalty points to affected individuals.
“Marriott’s poor security practices led to multiple breaches affecting hundreds of millions of customers,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. The FTC’s coordinated action with state partners ensures Marriott will improve its global data security practices moving forward.
The FTC complaint highlighted that Marriott falsely claimed to have “reasonable and appropriate data security” measures in place. However, three major breaches over six years compromised sensitive customer information, including email addresses, phone numbers, mailing addresses, and dates of birth.
The largest breach, in 2018, affected millions of customers. An FBI investigation linked the breach to hackers associated with the Chinese Ministry of State Security, according to the Associated Press.
Under the new settlement, Marriott and its subsidiary, Starwood Hotels & Resorts Worldwide LLC, must enhance their security protocols. This includes minimizing data retention, developing a comprehensive information security program, certifying compliance to the FTC annually for the next 20 years, and providing customers with a method to review unauthorized activity and request the deletion of personal data.