The U.S. Federal Trade Commission (FTC) announced on Wednesday that Marriott International, along with its subsidiary Starwood Hotels & Resorts Worldwide, will implement a comprehensive information security program as part of a settlement addressing charges stemming from multiple data breaches that occurred between 2014 and 2020.
These significant breaches compromised the personal information of over 344 million customers worldwide. Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, stated, “Marriott’s poor security practices led to multiple breaches affecting hundreds of millions of customers. The FTC’s action today, in coordination with our state partners, will ensure that Marriott improves its data security practices in hotels around the globe.”
As part of the settlement, Marriott and Starwood have agreed to provide U.S. customers with the option to request the deletion of personal information linked to their email addresses or loyalty rewards accounts. Additionally, Marriott will be required to review loyalty rewards accounts upon request and restore any stolen loyalty points.
In a separate agreement announced on the same day, Marriott will pay a $52 million penalty to 49 states and the District of Columbia to resolve similar data security allegations.
In response to the settlement, Marriott emphasized its commitment to protecting guest data, stating, “Protecting guests’ personal data remains a top priority for Marriott. These resolutions reaffirm the company’s continued focus on and significant investments in maintaining and adapting its programs and systems to assess, identify, and manage risks from evolving cybersecurity threats.”
Notably, Marriott maintains that it does not admit liability regarding the underlying allegations in its agreements with the FTC and state Attorneys General. The hotel chain is also facing a class action lawsuit in London, filed in 2020 by millions of former guests seeking compensation for the breach, which is considered one of the largest in history.
Related topics:
Space Startups Surge in Funding as Investor Interest Shifts to Capital-Intensive Ventures
Star Health Investigates Data Leak Allegations Involving Security Chief
U.S. Charges 15 Individuals and Three Companies in Major Cryptocurrency Fraud Case