The FTC claimed the multiple breaches Marriott suffered in the previous decade affected more than 300 million customers around the world, giving threat actors access to passport information, payment card numbers, loyalty numbers, DoBs, and email addresses.
In a statement acknowledging the settlement, Marriott said it will "continue implementing enhancements to its data privacy and information security programs, many of which are already in place or in progress".
Marriott failed to carry out due diligence on Starwood's cyber posture, allowing breaches to persist. Basic measures like password protection and network monitoring were insufficient to prevent access.
Experts have warned that the case underscores the risks attached with not conducting adequate steps to mitigate cyber risks when acquiring new entities.
[
Collection
]
[
|
...
]