The Federal Trade Commission (FTC) announced a settlement with Marriott International Inc. (NASDAQ: MAR) and its subsidiary Starwood Hotels & Resorts Worldwide LLC related to three large data breaches between 2014 to 2020 impacting more than 344 million customers worldwide.
According to the FTC, data breaches resulted in the pilfering of passport information, payment card numbers, loyalty numbers, dates of birth, email addresses and/or personal information from consumers. The first breach began in June 2014 and went undetected for 14 months, involving payment card information of more than 40,000 Starwood customers. The second breach began around July 2014 and went undetected until September 2018, impacting 339 million Starwood guest account records worldwide, including 5.25 million unencrypted passport numbers. The third breach, which went undetected from September 2018 until February 2020, impacted Marriott’s own network and encompassed of 5.2 million guest records worldwide, including data from 1.8 million Americans.
The settlement would require Marriott and Starwood to provide all its US customers with a way to request deletion of personal information associated with their email address or loyalty rewards account number. The proposed settlement also requires Marriott to review loyalty rewards accounts upon customer request and restore stolen loyalty points.
Under a separate settlement, Marriott also agreed to pay a $52 million penalty to 49 states and the District of Columbia to resolve similar data security allegations. The FTC and the states worked in parallel on the investigation; the FTC does not have legal authority to obtain civil penalties in this case.
“Marriott’s poor security practices led to multiple breaches affecting hundreds of millions of customers,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “The FTC’s action today, in coordination with our state partners, will ensure that Marriott improves its data security practices in hotels around the globe.”
Marriott did not issue a public comment on the settlement.
Photo courtesy of Marriott
;
Well this very alarming as we are now staying at a Marriott. I can tell you their customer service is terrible, gave us keys to the wrong room, then couldn’t log onto the internet and was told to call their service company.🤬 Redesigned the rooms and only 2 drawers in a 2 bedroom room, bad lightening. Very disappointing!