Quantcast

LEGAL NEWSLINE

Thursday, November 7, 2024

Marriott settles with states over Starwood data breach

State AG
Webp h71gb5iyrcm5d4pbagzujmw44tlg

Attorney General Josh Kaul | Attorney General Josh Kaul Office

Attorney General Josh Kaul announced a $52 million settlement with Marriott International, Inc. involving 50 Attorneys General. This agreement addresses a significant data breach in the Starwood guest reservation database, which Marriott acquired in 2016. The Federal Trade Commission also reached a parallel settlement with Marriott.

The breach, undetected from July 2014 to September 2018, compromised 131.5 million guest records in the United States. These records included contact information, dates of birth, and some unencrypted passport numbers and payment card details.

Attorney General Kaul emphasized the importance of protecting consumer information: “Data breaches like this one can result in harm to consumers,” he said.

The settlement resolves allegations that Marriott violated various state laws by not implementing adequate data security measures after acquiring Starwood. Under the agreement's terms, Marriott will enhance its cybersecurity practices through several measures:

- Implementing a comprehensive Information Security Program.

- Adopting data minimization and disposal requirements.

- Strengthening specific security protocols for consumer data.

- Increasing oversight of vendors and franchisees.

- Conducting independent third-party assessments every two years for two decades.

Marriott will also offer additional consumer protections such as multi-factor authentication for loyalty accounts and options for data deletion.

Wisconsin will receive $833,045 from the settlement. Other participating states include Alabama, Arizona, Arkansas, Florida, Nebraska, New Jersey, New York, Ohio, Pennsylvania, Vermont among others.

ORGANIZATIONS IN THIS STORY

More News