Marriott International and Starwood Hotels and Resorts are taking significant steps to address past data security failures. The companies have agreed to a settlement that includes financial penalties and stringent security improvements. This move aims to restore customer trust and strengthen data protection measures.
Previous settlements in the hospitality industry have often included similar financial penalties and requirements for enhancing cybersecurity practices. Marriott’s latest agreement aligns with industry trends aimed at holding large corporations accountable for data breaches. This settlement reflects an ongoing effort to improve data protection standards across the sector.
How Will Marriott Improve Data Security?
Marriott and Starwood will implement enhanced security protocols, including multifactor authentication and standardized patch management. They must perform detailed after-action reports following any future breaches and conduct data security training for IT personnel and employees with access to sensitive information. The agreement also mandates stricter access controls for employees and vendors, ensuring that only authorized individuals can access personal data.
What Were the Causes of the Data Breaches?
The breaches were attributed to inadequate firewalls, network segmentation, and access controls, as well as outdated software and a lack of multifactor authentication. A malicious hacker exploited these vulnerabilities to install malware and steal consumer payment card information. Additionally, a separate breach involved the installation of keyloggers and remote access trojans that compromised 339 million personal data records over several years.
What Financial Penalties Does Marriott Face?
In addition to the settlement with the Federal Trade Commission, Marriott International agreed to pay $52 million in fines to settle an investigation by 49 states and the District of Columbia. These penalties are part of a broader effort by regulators to hold Marriott accountable for its data security shortcomings.
“Marriott’s poor security practices led to multiple breaches affecting hundreds of millions of customers,” stated Samuel Levine, director of the FTC’s Bureau of Consumer Protection.
The settlement underscores the importance of robust cybersecurity measures in protecting consumer data within the hospitality industry. By enforcing stricter security protocols and imposing significant financial penalties, regulatory bodies aim to prevent future breaches and ensure companies prioritize data protection. Customers can expect improved security practices as Marriott works to comply with the new standards, potentially restoring confidence in the brand’s ability to safeguard personal information.
“Marriott makes no admission of liability with respect to the underlying allegations.”