Marriott Fined $52 Million for Data Breaches

Marriott International and its subsidiary Starwood Hotels & Resorts will pay a $52 million penalty and enhance their data security measures following a series of significant data breaches that affected over 344 million customers from 2014 to 2020. The Federal Trade Commission (FTC) and a coalition of 49 states and the District of Columbia reached settlements due to Marriott's inadequate security practices, which allowed hackers to access sensitive customer information, including credit card numbers and passport details. The FTC's investigation revealed that Marriott failed to implement basic cybersecurity protocols, including password controls and network monitoring. As part of the settlement, the companies must establish a comprehensive security program and provide U.S. customers with options to delete their personal data. Despite the substantial penalty, analysts note that it represents only a small fraction of Marriott's profits, raising questions about the effectiveness of such fines. The settlements reflect ongoing scrutiny of corporate data security practices and the responsibilities companies have to protect consumer information.