The FTC orders Marriott and Starwood to beef up their data security

Federal Trade Commission declare Friday finalized Order (pdf) Marriott International and its subsidiary Starwood Hotels are being asked to improve their digital security, Report Computer beeps. The FTC accused the companies of lax security measures, which led to the detection of three major breaches in 2015, 2018 and 2020 that “impacted more than 344 million customers worldwide” and exposed passport details, payment cards and other information.

The shortest breach lasted 14 months before being detected, while the longest breach began in 2018 and the attackers maintained access for four years. takes it and posts a link that allows U.S. customers to request deletion of information associated with their email address or loyalty account.

Hotels have been one of many key targets for hackers, with a breach last year that linked FTC Chairman Lina Khan to a ransomware attack that forced many people to stay and wait to check in. MGM Resorts Rely on pen and paper.

U.S. Federal Trade Commission (FTC) announces charges Octoberaccusing these companies of “deceiving consumers” with false claims of “reasonable and appropriate data security.” Their alleged failures include using poor passwords and firewall practices, and failing to patch outdated software and systems. On the same day the FTC announced its charges, the Connecticut Attorney General’s Office announced that Marriott had agreed to pay a $52 million settlement.

In addition to improving security, the companies are now prohibited from “misrepresenting how they collect, maintain, use, delete, or disclose consumers’ personal information; and the company’s ability to protect the privacy, security, availability, confidentiality, or integrity of personal information.” degree. Other requirements include that they maintain compliance records and submit them to the Federal Trade Commission for inspection. The order is valid for 20 years.