Marriott International is being held accountable after the hotel chain suffered multiple data breaches that exposed confidential information of more than 344 million customers worldwide. First, Marriott agreed to a $52 million settlement with a group of 50 U.S. attorneys general. According to Connecticut Attorney General William Tong, 131.5 million hotel guests in each state had their information compromised in the attack.
Second, the settlement with the Federal Trade Commission will require Marriott and its subsidiary Starwood Hotels & Resorts to implement new information security systems to protect against future data breaches. The FTC agreement includes measures such as data minimization, account review tools for loyalty rewards programs, and a link for guests to request deletion of their personal information.
Today’s settlement centers on three separate data breaches at Marriott and Starwood from 2014 to 2020 that allowed malicious actors to access passport information, payment card numbers, loyalty numbers, date of birth, email address, and other personal information. However, cybersecurity issues have been an ongoing concern for these two companies over the past decade. The hackers used “social engineering techniques” to gain access to employee computers and stole approximately 20GB of customer data. Marriott also participated in a major attack on Pyramid Hotel Group in 2019. Starwood was the victim of a data breach that was discovered in 2018. The incident resulted in the company being fined approximately $127.3 million in the UK.
