Marriott n Starwood have reached an agreement to pay a substantial penalty of $51 million following their failure to adequately protect user information during a significant data breach. This penalty will be allocated to approximately 341 million individuals affected across all 50 states in the U.S., as part of a settlement related to three separate data breaches that occurred between 2013 and 2020.
In addition to the financial settlement, the hospitality giant has committed to enhancing its cybersecurity measures. Marriott will produce a comprehensive report on its cybersecurity practices, detailing the implementation of its Information Security program. Furthermore, for the next two decades, Marriott will provide a certificate of compliance to the Federal Trade Commission (FTC), supplemented by an annual third-party audit report from an independent firm.
Following a legal review of the data breaches, the FTC has mandated that Marriott offer a “delete” button for customers, enabling them to remove their personal information from the Marriott Bonvoy Loyalty Rewards accounts.
Interestingly, Marriott has also recently faced another cybersecurity incident. Reports surfaced claiming that hackers had infiltrated the hotel chain’s database, allegedly obtaining around 20GB of sensitive data, including guests’ credit card information from bookings. Although Marriott denied being compromised by this attack in June 2022, it was reported that an employee at the BWI Airport Marriott in Baltimore fell victim to a social engineering scheme that potentially led to this new breach.
This ongoing saga underscores the critical importance of robust cybersecurity measures in the hospitality industry, particularly as data breaches become increasingly common.
The post Marriott agrees to pay $50 million to its users of 50 states for data breach appeared first on Cybersecurity Insiders.
October 10, 2024 at 08:44PM
0 comments:
Post a Comment