FTC Orders Marriott to Revamp Data Security

The U.S. Federal Trade Commission (FTC) has mandated Marriott International and its subsidiary, Starwood Hotels & Resorts Worldwide, to implement a comprehensive data security program following multiple data breaches between 2014 and 2020 that affected over 344 million customers. As part of the settlement, Marriott will pay a $52 million fine to 49 states and the District of Columbia for failing to secure customer data adequately. The FTC highlighted that Marriott's lax security practices were at the root of these breaches, prompting the need for better protections. Additionally, Marriott will provide U.S. customers the option to delete their personal information and will review loyalty accounts upon request. Although Marriott stated it would enhance its data security measures, it maintains no admission of liability regarding the breaches. The settlement is seen as a critical step to ensure improved cybersecurity practices in the hospitality industry.