Quantcast

Marriott agrees to $52M settlement over Starwood data breach

LEGAL NEWSLINE

Sunday, December 22, 2024

Marriott agrees to $52M settlement over Starwood data breach

State AG
Webp 19r0oqaj58bgj6fifr168hdk0mti

Attorney General Ellen Rosenblum | Official Website

Oregon Attorney General Ellen Rosenblum announced a settlement involving Marriott International, Inc. regarding a significant data breach affecting its Starwood system databases. The breach, which spanned four years, led to the exposure of 131.5 million guest records in the United States. The Federal Trade Commission coordinated with 50 states on this settlement, resulting in Marriott agreeing to pay $52 million and enhance its data security practices.

As one of the leading states in this case, Oregon will receive approximately $2.1 million from the settlement. These funds will support the Oregon Department of Justice's investigative and consumer protection efforts.

“Marriott failed to live up to basic data security protocols,” stated Attorney General Rosenblum. She highlighted that had Marriott adhered to its own information security policies after acquiring Starwood in 2016, much of the intrusion could have been prevented.

The breach occurred between July 2014 and September 2018 and involved various types of personal information such as contact details, dates of birth, and some unencrypted passport numbers and payment card information.

Under the settlement terms, Marriott is required to strengthen its cybersecurity measures by implementing a comprehensive Information Security Program and conducting regular risk assessments. These measures include incorporating zero-trust principles, enhanced employee training on data handling and security, encryption requirements, vendor oversight, and independent third-party assessments every two years for 20 years.

Consumers will benefit from specific protections such as a data deletion option and multi-factor authentication for loyalty rewards accounts like Marriott Bonvoy.

Connecticut, Maryland, Oregon along with several other states co-led the investigation into this breach. AG Rosenblum acknowledged the efforts of Oregon DOJ lawyers led by Kristen Hilton in achieving this resolution.

ORGANIZATIONS IN THIS STORY

More News