Marriott International has agreed to pay $52 million and make changes to bolster its data security to resolve state and federal claims related to major data breaches that affected more than 300 million of its customers worldwide.
The Federal Trade Commission and a group of attorneys general from 49 states and the District of Columbia announced the terms of separate settlements with Marriott on Wednesday. The FTC and the states ran parallel investigations into three data breaches, which took place between 2014 and 2020.
As a result of the data breaches, “malicious actors” obtained the passport information, payment card numbers, loyalty numbers, dates of birth, email addresses and/or personal information from hundreds of millions of consumers, according to the FTC’s proposed complaint.
The FTC claimed that Marriott and subsidiary Starwood Hotels & Resorts Worldwide’s poor data security practices led to the breaches.
Specifically, the agency alleged that the hotel operator failed to secure its computer system with appropriate password controls, network monitoring or other practices to safeguard data.
As part of its proposed settlement with the FTC, Marriott agreed to “implement a robust information security program” and provide all of its U.S. customers with a way to request that any personal information associated with their email address or loyalty rewards account number be deleted.
Marriott also settled similar claims brought by the group of attorneys general. In addition to agreeing to strengthen its data security practices, the hotel operator also will pay $52 million penalty to be split by the states.
Want to reach a local audience and grow your business?
Our website is the perfect platform to connect with engaged readers in your local area.
Whether you're looking for banner ads, sponsored content, or custom promotions, we can tailor a package to meet your needs.
Contact us today to learn more about advertising opportunities!
CONTACT US NOW
