The FTC orders Marriott and Starwood to beef up their data security

Share via:


The Federal Trade Commission announced on Friday it finalized an order (pdf) requiring Marriott International and subsidiary Starwood Hotels to improve their digital security, reports BleepingComputer. The FTC charged the companies with lax security practices that resulted in three big breaches detected in 2015, 2018, and 2020, “affecting more than 344 million customers worldwide,” leaking passport details, payment cards, and other info.

The shortest breach lasted 14 months before it was detected, while the longest one saw attackers maintain access for four years, starting in 2018. The beefed-up security programs they’ve agreed to establish include creating policies to only keep information for as long as it’s needed and publishing a link allowing US customers to request the deletion of information tied to their email address or loyalty account.

Hotels have been one of many key targets for hackers, with one breach last year catching FTC Chair Lina Khan among the many people left waiting to check in when a ransomware attack forced MGM Resorts to fall back on using pen and paper.

The FTC announced its charges in October, accusing the companies of having “deceived consumers” with false claims of “reasonable and appropriate data security.” Their alleged failures included having bad password and firewall practices and not patching outdated software and systems. The same day the FTC revealed the charges, the Connecticut Attorney General’s office announced Marriott had agreed to a $52 million settlement.

Beyond improving their security, the companies are now forbidden “from misrepresenting how they collect, maintain, use, delete or disclose consumers’ personal information; and the extent to which the companies protect the privacy, security, availability, confidentiality, or integrity of personal information.” Other requirements include that they keep compliance records and submit to FTC inspections. The order will stay in effect for 20 years.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

The FTC orders Marriott and Starwood to beef up their data security


The Federal Trade Commission announced on Friday it finalized an order (pdf) requiring Marriott International and subsidiary Starwood Hotels to improve their digital security, reports BleepingComputer. The FTC charged the companies with lax security practices that resulted in three big breaches detected in 2015, 2018, and 2020, “affecting more than 344 million customers worldwide,” leaking passport details, payment cards, and other info.

The shortest breach lasted 14 months before it was detected, while the longest one saw attackers maintain access for four years, starting in 2018. The beefed-up security programs they’ve agreed to establish include creating policies to only keep information for as long as it’s needed and publishing a link allowing US customers to request the deletion of information tied to their email address or loyalty account.

Hotels have been one of many key targets for hackers, with one breach last year catching FTC Chair Lina Khan among the many people left waiting to check in when a ransomware attack forced MGM Resorts to fall back on using pen and paper.

The FTC announced its charges in October, accusing the companies of having “deceived consumers” with false claims of “reasonable and appropriate data security.” Their alleged failures included having bad password and firewall practices and not patching outdated software and systems. The same day the FTC revealed the charges, the Connecticut Attorney General’s office announced Marriott had agreed to a $52 million settlement.

Beyond improving their security, the companies are now forbidden “from misrepresenting how they collect, maintain, use, delete or disclose consumers’ personal information; and the extent to which the companies protect the privacy, security, availability, confidentiality, or integrity of personal information.” Other requirements include that they keep compliance records and submit to FTC inspections. The order will stay in effect for 20 years.



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

A comprehensive list of 2024 tech layoffs

The tech layoff wave is still going strong...

2025 Will Be A Record-Breaking Year For Startup IPOs

India’s new-age tech IPO market saw a massive...

Provide Tech To Help Retailers Fight Q-Com Giants:FRAI To...

SUMMARY The FRAI said that there is a need...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!