Marriott to boost security to settle data breach charges

The U.S. Federal Trade Commission said Marriott and Starwood Hotels must implement an information security program to settle data breach charges from 2014 to 2020

The three large data breaches, which took place from 2014 to 2020, affected more than 344 million customers worldwide, the FTC said. "Marriott’s poor security practices led to multiple breaches affecting hundreds of millions of customers,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection.

Key takeaways

• Marriott and Starwood also agreed to provide its U.S. customers with a way to request deletion of personal information associated with their email address or loyalty rewards account number;
• Marriott will also be required to review loyalty rewards accounts upon customer request and restore stolen loyalty points, the FTC said;
• "Protecting guests’ personal data remains a top priority for Marriott. These resolutions reaffirm the company’s continued focus on and significant investments in maintaining and adapting its programs and systems to assess, identify, and manage risks from evolving cybersecurity threats," Marriott said in a statement.

Get the full story at Reuters