Marriott International is being sued after the hotel chain suffered multiple data breaches that exposed sensitive information on more than 344 million customers worldwide. First, Marriott agreed to a settlement with a group of 50 US attorneys general. According to Connecticut Attorney General William Tong, 131.5 million hotel customers in the state had their information compromised when hotels were attacked.
Second, the settlement with the Federal Trade Commission will require Marriott and its subsidiary Starwood Hotels & Resorts to implement a new data protection plan to protect against future data disclosures. The FTC’s agreement includes measures such as data reduction, account review tools for its loyalty rewards programs and a link for guests to request the removal of their personal information.
Today’s filing centers on three separate data breaches at Marriott and Starwood between 2014 and 2020 that allowed malicious actors to access passport information, payment card numbers, loyalty numbers, dates of birth, email addresses and other personal information. But cybersecurity issues have dogged these two businesses for the past decade. Hackers used “social engineering techniques” to access an employee’s computer and steal about . Marriott was also part of a major offensive in 2019. Starwood was the target of acquisitions in 2018; the company faced fines in the UK for the incident.
Source link
