An revamp of the security system is also required by the FTC.
The hotel chain Marriott International is being held accountable for various data breaches that exposed sensitive information for more than 344 million customers all around the world. These breaches occurred after the hotel chain experienced multiple data breaches. To begin, Marriott reached a settlement with a group of fifty attorneys general in the United States that was worth $52 million. As a result of the attacks on the hotels, the personal information of 131.5 million hotel guests throughout the states was compromised, as stated by the Attorney General of Connecticut, William Tong.
Second, as part of the settlement with the Federal Trade Commission, Marriott and its subsidiary Starwood Hotels & Resorts will be required to take measures to build a new information security system in order to safeguard against any potential data breaches in the future. Data minimization, account review tools for its loyalty rewards programs, and a link for guests to seek deletion of their personal information are some of the measures that are included in the deal, which was reached with the Federal Trade Commission.
The settlements that were reached today are centered on three major data breaches that occurred at Marriott and Starwood between the years 2014 and 2020. These breaches allowed bad actors to gain access to personally identifiable information such as passport information, payment card numbers, loyalty numbers, dates of birth, email addresses, and other details. On the other hand, concerns over cybersecurity have been a persistent issue for these two companies throughout the course of the past decade. The hackers gained access to a staff computer by employing “social engineering techniques” and stole approximately 20 gigabytes worth of client data. In 2019, Marriott was also a part of a bigger campaign that was launched against Pyramid Hotel Group. The year 2018 saw the discovery of a data breach that affected Starwood, and as a result, the firm was threatened with a punishment of approximately $127.3 million in the United Kingdom.