Marriott Agrees To Pay $52 Million, Beef Up Data Security To Resolve Probes Over Data Breaches
Marriott International has agreed to pay $52 million and improve its data security in order to resolve state and federal claims stemming from catastrophic data breaches that affected over 300 million of its customers globally.
On Wednesday, the Federal Trade Commission and a consortium of attorneys general from 49 states and the District of Columbia announced separate settlement agreements with Marriott. The FTC and the states conducted parallel investigations into three data breaches that occurred between 2014 and 2020.
According to the FTC’s proposed complaint, the data breaches enabled “malicious actors” to collect passport information, payment card numbers, loyalty numbers, dates of birth, email addresses, and/or personal information from hundreds of millions of consumers.
The FTC stated that the breaches were caused by weak data security measures at Marriott and its subsidiary Starwood Hotels & Resorts Worldwide.
Specifically, the agency said that the hotel operator failed to secure its computer system with proper password management, network monitoring, or other data-protection methods.
As part of its proposed settlement with the FTC, Marriott agreed to “implement a robust information security program” and give all U.S. customers a method to request the deletion of any personal information connected with their email address or loyalty rewards account number.
Marriott also settled similar claims brought by a group of attorneys general. In addition to committing to improve its data security processes, the hotel operator will pay a $52 million penalty, which will be shared among the states.
Marriott, based in Bethesda, Maryland, stated on its website Wednesday that its agreements with the FTC and states included no acknowledgment of liability. It also stated that it has already implemented data privacy and information security measures.
In early 2020, Marriott discovered that an unexpected amount of visitor information was accessed using the login credentials of two workers at a franchisee location. At the time, the business assessed that the personal information of approximately 5.2 million guests worldwide may have been compromised.
In November 2018, Marriott reported a huge data breach in which hackers gained access to information on up to 383 million guests. In that case, Marriott stated that unencrypted passport numbers for at least 5.25 million visitors were accessed, as well as credit card information for 8.6 million guests. Starwood operated the affected hotel brands prior to its acquisition by Marriott in 2016.
The FBI spearheaded the investigation into the data theft, and investigators assumed the hackers were working for China’s Ministry of State Security, which is roughly similar to the CIA.
SOURCE | AP