close
close

Marriott and Starwood reach consent agreement with FTC over data breaches | Robinson+Cole Data Privacy + Security Insider

BY Thesio
Marriott and Starwood reach consent agreement with FTC over data breaches | Robinson+Cole Data Privacy + Security Insider

This week, Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC (collectively, Marriott) agreed to settle the terms of a settlement order with the Federal Trade Commission (FTC) for their alleged failures to implement reasonable security measures which in turn led to three data breaches between 2014 and 2020, affecting over 344 million consumers across the world. The types of data affected included names, passport information, payment card numbers, loyalty numbers, dates of birth, email addresses and other types of personal information. Specifically, the FTC alleged that Marriott failed to implement appropriate password controls, access controls, firewall controls, or network segmentation; fix outdated software and systems; adequately record and monitor network environments; or deploy adequate multi-factor authentication.

Pursuant to the order, Marriott:

  • Provide all U.S. consumers with a way to request deletion of their personal information;
  • Allow all U.S. consumers to review their loyalty rewards accounts upon request and reinstate loyalty points if those points were stolen as a result of the violation(s);
  • Clearly and transparently disclose to consumers how Marriott collects, maintains, uses, deletes and discloses consumers’ personal information;
  • Minimize the retention of personal information only for as long as that information is necessary to fulfill the purpose for which it was collected;
  • Implement and maintain a comprehensive information security program and certify compliance to the FTC annually for 20 years; And,
  • Submit to an independent third-party security risk assessment every two years;

The FTC does not have the legal authority to require Marriott to pay civil penalties in this case. Additionally, this week, Marriott agreed to pay a $52 million fine to 49 states and the District of Columbia to resolve similar data security allegations made by state regulators.

(See source.)

Related Posts

Throw away the patch! How to Attack Solarwinds Web Help Desk
aecifo

Throw away the patch! How to Attack Solarwinds Web Help Desk

In a recent attack, a timing scheme, Solarwinds Web Help Desk (WHD) administrators must be connected to active support. Now you can avoid any damage and handling of the dates beforehand. Anzeige Insta

“No load reduction” during matric exams that require energy
aecifo

“No load reduction” during matric exams that require energy

Education Minister Siviwe Gwarube also urged communities not to protest during the matric exams, which begin on Monday. The Department of Basic Education said it had been reassured by power company Es

Mallikarjun Kharge returns Karnataka allotted land amid probe into Muda ‘scams’
aecifo

Mallikarjun Kharge returns Karnataka allotted land amid probe into Muda ‘scams’

Congress president Mallikarjun Kharge and his family have decided to return the five acres of land allotted to the Siddhartha Vihar Trust, which belongs to the Kharge family, amid an ongoing probe int

Copyright © 2024 | WordPress Theme: Xews Lite