The United States Federal Trade Commission on Wednesday, October 9, said it would require Marriott International and its subsidiary Starwood Hotels & Resorts Worldwide to implement an information security program to settle charges related to multiple data breaches recorded between 2014 and 2020.
The mentioned regulator claims that there are three large data breaches. These cases that occurred during the specified period affected more than 344 million people worldwide. Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, said that Marriott’s security measures, which proved ineffective, caused multiple breaches affecting hundreds of millions of the company’s customers. According to him, the current actions of the regulator in coordination with partners in the states will allow the specified firm to improve data security practices in hotels around the world.
Marriott and Starwood have also agreed to provide their customers in the US with the opportunity to request the deletion of personal information. In this case, the data associated with the email address or account number in the loyalty awards is meant.
Besides, Marriott will be required to review loyalty awards accounts and restore stolen loyalty points. The relevant information is contained in a press release published by the FTC.
As part of a separate settlement that was announced on Wednesday, Marriott has agreed to pay a $52 million penalty to 49 states and the District of Columbia. In this case, the goal is to resolve allegations related to the company’s practices in the data security area.
In a statement, Marriott noted that the protection of the personal data of guests remains a top priority for the company. Also, in this case, attention was drawn to the fact that the agreements with the FTC and the state Attorneys General imply that the firm makes no admission of liability with respect to the underlying allegations.
As we have reported earlier, BlueSnap Reaches $10 Million Settlement With FTC.
