Attorney General Keith Ellison announced a settlement with Marriott International, Inc. involving a data breach of the Starwood guest reservation database. The breach, which spanned four years, exposed 131.5 million guest records including sensitive information such as passport numbers and payment card details. The settlement involves Marriott paying $52 million nationally, with Minnesota receiving $814,847.
Ellison stated that "data breaches can put Minnesotans at greater risk of identity theft, targeted scams, and many other kinds of financial harm." He emphasized the importance of companies like Marriott safeguarding consumer data to prevent security breaches.
The breach occurred between July 2014 and September 2018 when intruders accessed the Starwood network without detection. This incident prompted a multi-state investigation by a coalition of 50 state attorneys general. They alleged that Marriott violated consumer protection laws by not implementing adequate data security measures following its acquisition of Starwood in 2016.
Under the settlement terms, Marriott will enhance its cybersecurity practices using a dynamic risk-based approach. The company is required to conduct regular risk assessments and offer specific consumer protections such as data deletion options and multi-factor authentication for loyalty accounts.
Marriott has also agreed to assess the security programs of any entities it acquires in the future to address potential deficiencies during integration into its systems.
With data breaches on the rise, consumers are advised to consider freezing their credit to prevent identity theft. A credit freeze restricts access to an individual's credit report, hindering identity thieves from opening new accounts under their name.
For further protection advice or assistance regarding credit freezes, individuals can contact Experian, Equifax, or TransUnion directly.