Marriott Agrees to $52M Data Breach Settlement

Marriott International has agreed to pay a $52 million settlement following multiple data breaches between 2014 and 2020, affecting over 300 million customers globally. The breaches involved the unauthorized access of sensitive data, including passport information, payment card numbers, and personal details, attributed to inadequate security measures by Marriott and its acquired subsidiary, Starwood Hotels. As part of the settlement with the Federal Trade Commission and 50 state attorneys general, Marriott will enhance its cybersecurity practices, offering U.S. customers the ability to request data deletion. The settlement also mandates Marriott to implement a comprehensive information security program and undergo third-party audits. Despite agreeing to the settlement, Marriott made no admission of liability but emphasized ongoing improvements in data security. This case highlights the importance of robust cybersecurity measures in protecting consumer data against evolving cyber threats.