Mere weeks after Marriott International was rocked by multiple data breaches, compromising sensitive information for over 344 million customers globally, the hotel chain finds itself facing intense scrutiny and potential legal action. Marriott agreed to settle with the Department of Justice and more than 50 state attorneys general for millions of dollars. According to Attorney General William Tong of Connecticut, approximately 131.5 million hotel guest records in the state were compromised as a result of the attacks on the lodgings.
Second, a with the Federal Commerce Fee would require Marriott and its Starwood Accommodations & Resorts subsidiary to implement a brand new info safety system to guard towards future knowledge exposures. The FTC settlement includes measures akin to knowledge minimization, featuring account evaluation tools for loyalty reward programs and a direct link enabling companies to request the deletion of their private information.
As we speak’s settlement is tied to multiple data breaches at Marriott and Starwood between 2014 and 2020, permitting nefarious actors unrestricted access to sensitive information including passport details, credit card numbers, loyalty program account numbers, dates of birth, email addresses, and other personal data. Throughout the past decade, concerns about cybersecurity have been a persistent issue for both entities. Hackers employed social engineering tactics to gain unauthorized access to a worker’s computer and pilfered approximately $0. Marriott was also part of a larger data breach that occurred in 2019. In 2018, Starwood faced a major data breach; subsequently, the company faced criticism and fines from regulatory bodies in the UK for its handling of the incident.