(WNY News Now) – NEW YORK – New York Attorney General Letitia James announced a substantial $52 million multistate settlement with Marriott International, Inc. concerning a prolonged data breach that compromised the personal information of millions, including numerous New Yorkers. The breach originated from a vulnerable guest reservation database operated by Starwood Hotels and Resorts Worldwide, a subsidiary of Marriott.
An investigation revealed that intruders accessed Starwood’s database from July 2014 to September 2018, eluding detection for four years. The breach exposed sensitive data of 131.5 million customers across the United States, including contact details, birth dates, and unencrypted payment information.
“Marriott let cybercriminals live in its database for years and millions of people had their information stolen as a result. Protecting customers’ private information should be a top priority, not a last resort, for all companies. I am proud to stand with my fellow attorneys general to hold Marriott accountable and to protect customers.”
Under the terms of the settlement, Marriott will pay $52 million, with New York set to receive $2.29 million. The agreement mandates substantial enhancements to the hotel chain’s data security practices, which include:
- Biennial Security Assessments: An independent third party will evaluate Marriott’s information security program every two years for the next two decades.
- Data Minimization and Disposal: Marriott will implement strategies to limit the data collected from customers and ensure timely disposal of unnecessary information.
- Comprehensive Security Program: A structured Information Security Program will be developed, emphasizing regular security updates to top management, alongside enhanced employee training in data handling.
- Vendor Oversight: Increased scrutiny of vendors and franchisees will be enforced, focusing on “Critical IT Vendors” to mitigate security risks.
- Acquisition Assessments: Marriott will assess the cybersecurity posture of any acquired entity promptly to address vulnerabilities during integration.
Additionally, Marriott will allow customers to delete their stored data and will offer multi-factor authentication for loyalty rewards accounts, ensuring a higher level of security against unauthorized access.
Joining Attorney General James in this settlement are the attorneys general from 49 states and territories.




