Quantcast

Attorneys general reach $52M settlement with Marriott over Starwood data breach

LEGAL NEWSLINE

Thursday, November 28, 2024

Attorneys general reach $52M settlement with Marriott over Starwood data breach

Attorneys & Judges
Webp xqp1nhxziauqy7j1j6hkw5jgcd0x

Attorney General Alan Wilson | Attorney General Alan Wilson, SC

Attorney General Alan Wilson announced a settlement involving Marriott International, Inc. following an investigation into a significant data breach of the Starwood guest reservation database. A coalition of 50 attorneys general and the Federal Trade Commission coordinated closely on this case, leading to parallel settlements. Marriott will pay $52 million to states and enhance its data security practices. South Carolina is set to receive $767,458 from this settlement.

"This case should serve as an important reminder for businesses to take preventive measures to protect the private information of their customers," stated Attorney General Wilson. "Data privacy is one of the most important issues facing consumers right now, and our office will continue to do its part in ensuring the protection of our citizens in this way."

The breach occurred between July 2014 and September 2018 when intruders accessed 131.5 million guest records without detection. The compromised information included contact details, birth dates, reservation data, and some unencrypted passport numbers and payment card details.

Following the announcement of the breach, a multi-state investigation was launched by 50 attorneys general. The settlement addresses allegations that Marriott violated state consumer protection laws by failing to implement adequate data security measures during its integration with Starwood systems.

Marriott has agreed to adopt stronger cybersecurity practices under a risk-based approach which includes annual enterprise-level risk assessments and continuous evaluations for security control changes throughout the year. This strategy must consider potential harm to consumers.

Additionally, Marriott will offer consumers specific protections such as a data deletion option regardless of state law requirements and multi-factor authentication for loyalty accounts like Marriott Bonvoy if suspicious activity occurs.

Connecticut, Maryland, Oregon, along with several other states including Illinois and Texas co-led this multistate investigation supported by an Executive Committee comprising states like Alabama and New York among others.

ORGANIZATIONS IN THIS STORY

More News