Marriott and Starwood Ordered to Boost Cybersecurity After Massive Data Breaches

FTC Orders Marriott and Starwood to Bolster Digital Security After Major Data Breaches

The Federal Trade Commission (FTC) has finalized an order requiring Marriott International and its subsidiary Starwood Hotels to significantly enhance their digital security measures. This decision comes in the wake of charges against the hotel giants for lax security practices that led to substantial data breaches affecting millions of customers worldwide.

Between 2015 and 2020, Marriott and Starwood experienced a series of data breaches that compromised the personal information of over 344 million customers globally. The breaches, lasting from 14 months to four years, exposed sensitive data including passport details and payment card information.

In response to these incidents, the FTC has mandated that Marriott and Starwood implement improved security programs and adopt new policies limiting data retention to necessary durations. Additionally, the companies will be required to provide a link for U.S. customers to request the deletion of data associated with their email or loyalty accounts.

The hotel industry has increasingly become a target for cybercriminals, with recent incidents such as the ransomware attack on MGM Resorts highlighting the sector’s vulnerability. This trend underscores the critical need for robust cybersecurity measures in the hospitality sector.

The FTC’s charges against Marriott and Starwood included accusations of deceiving consumers with false claims of adequate data security. Investigations revealed failures such as poor password practices, inadequate firewalls, and the use of outdated software. In a related development, Marriott agreed to a $52 million settlement with the Connecticut Attorney General’s office.

Under the FTC order, Marriott and Starwood are prohibited from misrepresenting their data handling and security practices. They must maintain compliance records and allow FTC inspections. The order will remain in effect for 20 years, ensuring long-term adherence to improved security standards.

This regulatory action serves as a stark reminder to the hospitality industry of the importance of robust cybersecurity measures and the potential consequences of failing to adequately protect customer data.