Connect with us

Hi, what are you looking for?

Tech News

Marriott and Starwood hotels will have to get better at data security

Brand logo on a Marriott hotel
A Marriott Hotel in Germany. | Photo by Matthias Balk/picture alliance via Getty Images

The Federal Trade Commission announced on Friday it finalized an order (pdf) requiring Marriott International and subsidiary Starwood Hotels to improve their digital security, reports BleepingComputer. The FTC charged the companies with lax security practices that resulted in three big breaches detected in 2015, 2018, and 2020, “affecting more than 344 million customers worldwide,” leaking passport details, payment cards, and other info.

The shortest breach lasted 14 months before it was detected, while the longest one saw attackers maintain access for four years, starting in 2018. The beefed-up security programs they’ve agreed to establish include creating policies to only keep information for as long as it’s needed and publishing a link allowing US customers to request the deletion of information tied to their email address or loyalty account.

Hotels have been one of many key targets for hackers, with one breach last year catching FTC Chair Lina Khan among the many people left waiting to check in when a ransomware attack forced MGM Resorts to fall back on using pen and paper.

The FTC announced its charges in October, accusing the companies of having “deceived consumers” with false claims of “reasonable and appropriate data security.” Their alleged failures included having bad password and firewall practices and not patching outdated software and systems. The same day the FTC revealed the charges, the Connecticut Attorney General’s office announced Marriott had agreed to a $52 million settlement.

Beyond improving their security, the companies are now forbidden “from misrepresenting how they collect, maintain, use, delete or disclose consumers’ personal information; and the extent to which the companies protect the privacy, security, availability, confidentiality, or integrity of personal information.” Other requirements include that they keep compliance records and submit to FTC inspections. The order will stay in effect for 20 years.

You May Also Like

Tech News

Garmins aren’t just multisport behemoths anymore. | Illustration by Will Joel / The Verge Garmin may be best known for its hardcore fitness watches,...

Tech News

Image: Asus Asus has announced the Asus NUC 14 Pro AI, the first Copilot Plus-capable AI mini PC that crams an Intel Core Ultra...

Politics

President-elect Trump dropped his latest round of nominations Saturday afternoon, including two picks to help lead the Department of Justice (DOJ) and one to...

Politics

Presidents have historically developed their own Christmas traditions as they make their unique marks on the White House during their terms. In recent years,...