Marriott And Starwood Hotels Face Growing Scrutiny Over Data Security Failures

The Federal Trade Commission (FTC) has finalized an order requiring Marriott International and its subsidiary Starwood Hotels to significantly bolster their digital security measures in response to three major breaches detected between 2015 and 2020, which affected over 344 million customers worldwide.

According to reports from BleepingComputer, the FTC’s charges stemmed from lax security practices that led to the unauthorized disclosure of sensitive information, including passport details, payment cards, and other personal data. The shortest breach lasted a mere 14 months before it was detected, while the longest one persisted for four years, starting in 2018.

As part of their agreed-upon security programs, Marriott and Starwood Hotels must now establish policies to limit the duration of customer data retention, ensuring that information is only kept for as long as necessary. They will also publish a link allowing US customers to request the deletion of personal data tied to their email address or loyalty account.

The FTC’s actions follow a pattern of increasing scrutiny of hotels and other key targets for hackers. The announcement coincided with the Connecticut Attorney General’s office revealing that Marriott had agreed to a $52 million settlement, underscoring the growing recognition of data security as a critical concern for businesses and consumers alike.

This development underscores the need for robust cybersecurity measures, particularly in the wake of a ransomware attack on MGM Resorts last year. The FTC’s efforts aim to promote transparency and accountability, ultimately safeguarding the personal data of millions of customers worldwide. By establishing clear protocols and guidelines, Marriott and Starwood Hotels can work towards rebuilding trust with their clients and demonstrating a commitment to protecting sensitive information.