Hotel chain Marriott International is being held accountable after suffering multiple data breaches that exposed the sensitive information of more than 344 million customers worldwide. First, Marriott agreed to the settlement With a group of 50 US attorneys general. According to Connecticut Attorney General William Tong, 131.5 million hotel customers in the state have had their information stolen in attacks on hotels.
Second, a settlement The Federal Trade Commission will require Marriott and its Starwood Hotels & Resorts subsidiary to implement a new information security system to protect against future data breaches. The FTC settlement includes measures such as data minimization, account review tools for its loyalty rewards programs, and a link for guests to request deletion of their personal information.
Today’s settlements are based on three separate data breaches at Marriott and Starwood between 2014 and 2020, which allowed malicious individuals to access passport information, payment card numbers, loyalty numbers, birth dates, email addresses and other personal information . But cyber security issues have been a constant concern for these two businesses for the past decade. Hackers used “social engineering techniques” to access and steal an employee’s computer . Marriott was also part of a larger attack In 2019, Starwood became a victim Discovered in 2018; the company faced a fine of approx in England for this incident.