Marriott to Pay $52 Million, Enhance Data Security to Settle Data Breach Probes

Marriott International has agreed to a substantial settlement to resolve investigations into a series of data breaches that exposed the personal information of over 300 million customers worldwide. The hotel giant will pay $52 million and implement significant enhancements to its data security practices as part of the settlement.

The settlement resolves parallel investigations conducted by the Federal Trade Commission (FTC) and a group of state attorneys general. These investigations focused on three major data breaches that occurred between 2014 and 2020, during which hackers gained access to sensitive customer information, including passport details, payment card numbers, loyalty program data, dates of birth, email addresses, and other personal information.

The FTC alleged that Marriott and its subsidiary, Starwood Hotels & Resorts Worldwide, failed to implement adequate data security measures, leading to the breaches. Specifically, the FTC’s complaint cited inadequate password controls, insufficient network monitoring, and other shortcomings in safeguarding customer data.

As part of the settlement with the FTC, Marriott has agreed to:

  • Implement a comprehensive information security program to prevent future breaches.
  • Provide all U.S. customers with a mechanism to request the deletion of the personal information associated with their email address or loyalty account.

In a separate settlement with the state attorneys general, Marriott will pay a $52 million penalty, which will be divided among the participating states.

While Marriott has not admitted liability as part of these settlements, the company acknowledged that it has already enhanced its data security practices and is committed to protecting customer information.

The data breaches involved unauthorized access to sensitive customer data, including passport numbers and payment card information. One breach, disclosed in 2018, affected as many as 383 million guests and involved hotel brands operated by Starwood before its acquisition by Marriott in 2016. An investigation led by the FBI suggested that the hackers may have been working on behalf of a foreign government.

Key Takeaways:

  • Marriott International will pay $52 million and strengthen its data security practices to settle claims related to major data breaches.
  • The settlements resolve investigations by the FTC and state attorneys general into three breaches that exposed the personal information of over 300 million customers.
  • Marriott has agreed to implement a robust information security program and provide a mechanism for U.S. customers to request data deletion.

This settlement highlights the growing importance of data security and the potential financial and reputational consequences for companies that fail to adequately protect customer information. As data breaches become more common and sophisticated, businesses must prioritize robust data security measures to safeguard customer data and maintain trust.

Qusai Ahmad is the founder of "Speak Accounting," a platform dedicated to simplifying Accounting and Excel for learners of all levels. Through insightful blog posts and comprehensive courses, Qusai Ahmad empowers individuals to master accounting principles and Excel skills with ease.