Samuel Levine, director of the FTC's Bureau of Consumer Protection, stated, "Marriott's poor security practices led to multiple breaches affecting hundreds of millions of customers. The FTC's action today, in coordination with our state partners, will ensure that Marriott improves its data security practices in hotels around the globe."
The FTC's complaint highlighted Marriott's deceptive practices, emphasizing that the company falsely claimed to have reasonable data security measures while failing to implement basic controls such as proper password management and outdated software patches.
In a significant breach discovered in 2020, hackers accessed approximately 20GB of sensitive data from the BWI Airport Marriott, compromising business documents and customer payment information, including credit card details.
As part of the settlement, Marriott must provide US customers with the option to request the deletion of personal information linked to their accounts, addressing concerns over compromised passport details, credit/debit card numbers, and other sensitive information.
[
Collection
]
[
|
...
]