Marriott International (NASDAQ: MAR) has agreed to pay $52 million and implement stronger data security measures to resolve multiple claims from significant data breaches between 2014 and 2020. These breaches, which affected over 300 million customers worldwide, led to the unauthorized access of personal information such as passport numbers, payment details, and loyalty numbers.
The settlement resolves investigations by the Federal Trade Commission (FTC) and attorneys general from 49 states and the District of Columbia.
The FTC, along with the states, alleged that Marriott’s inadequate security practices were the root cause of these breaches. While Marriott made no admission of liability, it has committed to strengthening its cybersecurity and providing U.S. customers with the option to request the deletion of their personal data.
Why It Matters: This settlement underscores the serious consequences businesses face when they fail to protect sensitive consumer information. With the rise of cyberattacks targeting major corporations, the Marriott breach highlights the need for stringent data protection measures to prevent future incidents and protect consumer trust.
- FTC Allegations: The FTC accused Marriott of failing to implement proper data security measures, such as password controls and network monitoring, which left customer information vulnerable to hackers.
- Scope of the Breaches: Data breaches between 2014 and 2020 exposed the personal information of over 300 million customers globally, including sensitive details like passport and credit card numbers.
- Settlement Terms: Marriott agreed to pay $52 million, to be split among the states, and strengthen its data security practices as part of the settlement with the FTC and state attorneys general.
- Consumer Protection Measures: The company will now offer U.S. customers the option to request deletion of their personal information linked to their email or loyalty account.
