federal trade commission announced It was finalized on Friday an order (PDF) Marriott International and subsidiary Starwood Hotels need to improve their digital security, reports bleepingcomputer, The FTC accused the companies of lax security practices, resulting in three major breaches in 2015, 2018 and 2020 that “impacted more than 344 million customers worldwide,” in which passport details, payment card and other information were leaked. .
The shortest breach lasted 14 months before being discovered, while in the longest the attackers maintained access for four years, starting in 2018. The security programs they have agreed to put in place include creating policies to keep information only for as long as it is needed and publishing a link allowing US customers to request the removal of information associated with their email address or loyalty account. allows for.
Hotels have been one of many prime targets for hackers, with FTC chairwoman Lina Khan caught up in a breach last year, with many waiting to be investigated after a ransomware attack. MGM Resorts Falling back on using pen and paper.
FTC announces its charges octoberAccused the companies of “deceiving consumers” with false claims of “fair and reasonable data protection”. Their alleged failures included poor password and firewall practices and not patching outdated software and systems. The same day the FTC disclosed the allegations, the Connecticut Attorney General's Office announced that Marriott had agreed to a $52 million settlement.
In addition to improving their security, companies are now also prohibited from “misrepresenting how they collect, retain, use, delete or disclose consumers' personal information”; and the extent to which companies protect the confidentiality, security, availability, confidentiality or integrity of personal information. Other requirements include that they keep compliance records and submit to FTC inspections. This order will remain effective for 20 years.