The Federal Trade Commission announced on Friday that it had finalized an order (pdf) requiring Marriott International and its subsidiary Starwood Hotels to improve their digital security, reports Bleeping Computer. The FTC said three large-scale breaches were discovered in 2015, 2018, and 2020 that “affected more than 344 million customers worldwide,” and that data such as passport details, payment cards, and other Both companies were accused of lax security practices that led to the information leak.
The shortest breach lasted 14 months before being detected, while the longest breach saw attackers maintain access for four years starting in 2018. The enhanced security program the companies have agreed to establish includes policies under which information is retained only for certain periods of time. The order also requires them to publish a link where U.S. customers can request deletion of their email address or information associated with their loyalty account.
Hotels are one of hackers’ primary targets, and when a ransomware attack forced MGM Resorts to resort to pen and paper last year, the commission’s chair, Lina Khan, was among those waiting to check in.
The FTC announced the charges in October, accusing the companies of “deceiving consumers” with false claims of “reasonable and appropriate data security.” Their alleged failures include improper use of passwords and firewalls, and failure to patch outdated software and systems. On the same day the FTC disclosed its charges, the Connecticut Attorney General’s Office announced that Marriott had agreed to a $52 million settlement.
In addition to improving security, the companies are now prohibited from “misrepresenting how they collect, maintain, use, delete, or disclose consumers’ personal information” and the extent to which they protect the privacy, security, availability, confidentiality, and integrity of personal information. Other requirements include maintaining compliance records and submitting them to FTC inspection. The order will remain in effect for 20 years.