- FTC imposes strict rules on Marriott hotel chain
- Three huge data breaches at Marriott hotels exposed hundreds of millions of customers
- FTC says company failed to implement appropriate security measures
The U.S. Federal Trade Commission (FTC) has required Marriott International and Star Hotels to implement strong customer data security programs after numerous security breaches in recent years.
Between 2015 and 2020, Marriott suffered three major data breaches, resulting in the leakage of details of more than 344 million customers around the world, including passport details, payment cards and other personally identifiable information.
Under the ruling, Marriott must now establish and maintain a comprehensive information security program that includes encryption, access controls, multi-factor authentication and incident response. In addition, it must monitor all IT assets to detect security incidents and maintain a policy of retaining personal information only when necessary.
Bad security practices
Information security programs must also be independently evaluated every two years, and any discovered security vulnerabilities must be reported to the FTC within 10 days. The terms will be enforceable for the next 20 years.
Customers now have the option to review their accounts for suspected unauthorized activity and request that their data and personal information be removed from Marriott’s systems.
The company admitted that a major security flaw allowed hackers to access customer data and that it failed to use secure encryption. Marriott left itself vulnerable to the inevitable large-scale cyberattack.
As a result, it's estimated that hackers had access to Marriott's systems for up to four years, and the breaches cost the company money: it was fined $52 million by the FTC. Earlier this year, the FTC said the company tried to cover up the breach and "deceived consumers by claiming to have reasonable and adequate data security."
through Computer beeps