Marriott Agrees to $52 Million Settlement and Enhanced Data-Security Measures 

Marriott International has agreed to pay $52 million and adopt improved data-security practices in response to data breaches that affected hundreds of millions of customers.

The settlements, reached with the Federal Trade Commission (FTC) and a coalition of U.S. state attorneys general, aim to address longstanding security issues and protect Marriott’s guests from future cyber threats.

Details of the Settlements

The settlements require Marriott to pay $52 million to a coalition of 50 states, co-led by Connecticut Attorney General William Tong.

The Bethesda, Maryland-based hotel giant also reached a separate agreement with the FTC, under which it must implement enhanced data-protection measures and provide a way for customers to request deletion of personal information associated with their email addresses or loyalty accounts.

Data Breach History and Allegations

The FTC’s investigation revealed that between 2014 and 2020, Marriott and its acquired company, Starwood Hotels & Resorts Worldwide, experienced three significant data breaches.

Hackers accessed sensitive guest records, including contact details, dates of birth, and, in some cases, unencrypted passport numbers and payment card information. Marriott acquired Starwood in 2016, inheriting the compromised network.

The breaches went undetected for several years, exposing vulnerabilities within Starwood’s computer network, which Marriott was accused of failing to address effectively.

The FTC’s Bureau of Consumer Protection criticized Marriott’s security practices, with Director Samuel Levine stating that poor data-security practices contributed to the breaches.

Attorney General William Tong, one of the leaders of the coalition that secured the $52 million settlement, stressed the importance of safeguarding customer data, stating, “Companies have an obligation to protect their customers’ data, and Marriott clearly failed to do that, resulting in the breach of the Starwood computer network and the exposure of personal information for millions of its guests.”

Marriott’s Commitment to Improved Data Security

As part of the settlements, Marriott will enhance its cybersecurity practices to mitigate future risks. The company will:

  • Provide a Customer Data Portal: Marriott will offer U.S. customers a way to request the deletion of personal data linked to their email or loyalty accounts.
  • Restore Stolen Loyalty Points: Upon request, the company will review and restore loyalty points stolen due to unauthorized account access.
  • Establish a Multi-Factor Authentication System: To strengthen security for company accounts, Marriott will implement a multi-factor authentication option.
  • Create a Reporting Platform for Suspicious Activity: Marriott will offer an online portal for guests to report suspicious activity in their loyalty accounts, allowing for faster response times in the event of potential fraud.

Marriott has stated that these measures reflect the company’s ongoing commitment to safeguarding guest information.

In a public statement, Marriott affirmed, “These resolutions reaffirm the company’s continued focus on and significant investments in maintaining and adapting its programs and systems to assess, identify, and manage risks from evolving cybersecurity threats.”

Background on the Data Breaches

The Starwood data breach was one of the largest of its kind, affecting over 344 million customers worldwide.

Intruders gained access to the company’s system and remained undetected for several years, leading to the exposure of extensive customer data.

Following the acquisition of Starwood in 2016, Marriott inherited these vulnerabilities, which ultimately contributed to the series of breaches.

The breaches raised concerns about Marriott’s ability to adequately secure customer information, with many privacy advocates criticizing the company for not taking proactive steps to mitigate risks upon acquiring Starwood.

The company has since invested in more advanced cybersecurity systems and data-protection measures to prevent similar incidents.

The Future of Data Security for Marriott

With these settlements, Marriott is moving to regain the trust of its customers by making substantial investments in cybersecurity.

The adoption of multi-factor authentication, enhanced monitoring systems, and improved data management tools is expected to bolster Marriott’s defenses against cyber threats and reduce the likelihood of future breaches.

By implementing these new measures, Marriott aims to demonstrate its dedication to prioritizing customer privacy.

Although the company admitted no liability in connection with the allegations, the settlements mark a turning point in its approach to data security.

Moving forward, the company is likely to continue making significant investments in cybersecurity to protect customer data in an increasingly digital world.

Marriott’s commitment to enhanced data protection serves as a reminder that safeguarding customer information is paramount in today’s connected economy.

For Marriott, the next steps involve ensuring that these security enhancements are effectively integrated across all operations and that employees are trained to identify and respond to emerging threats.

Looking Ahead

As cyber threats become more sophisticated, companies like Marriott are faced with the ongoing challenge of keeping customer information secure.

The settlement agreements with the FTC and the coalition of state attorneys general signify Marriott’s recognition of this responsibility.

By implementing these new security practices, Marriott aims to set a higher standard for data protection in the hospitality industry.

These actions underscore the importance of adapting to new cybersecurity challenges and demonstrate Marriott’s commitment to protecting its guests.

As the company works to rebuild trust and enhance its digital defenses, the hospitality industry may follow suit, leading to a safer online experience for all travelers.
