BALTIMORE, MD—Marriott International, Inc. has agreed to a $52 million settlement with 50 U.S. attorneys general, including Maryland Attorney General Anthony G. Brown, following a multi-year data breach affecting 131.5 million guests. The settlement resolves allegations that Marriott violated state consumer protection and data security laws by failing to prevent the breach, which occurred between July 2014 and September 2018.
The breach, impacting both Starwood and Marriott guests, exposed personal information including contact details, gender, dates of birth, reservation information, hotel stay preferences, and a limited number of unencrypted passport numbers and unexpired payment card information. The attorneys general allege that Marriott misrepresented the strength of its data security measures protecting consumer information.
Maryland, along with Connecticut, Oregon, the District of Columbia, Illinois, Louisiana, Massachusetts, North Carolina, and Texas, co-led the investigation.
“Marylanders should not have to choose between staying in a hotel and protecting their privacy,” said Attorney General Brown. “This settlement ensures that Marriott hotel guests can rest easy knowing that their personal data will be better protected moving forward.”
Under the settlement terms, Marriott must strengthen its cybersecurity practices, implement a comprehensive information security program, and enhance employee training on data handling. The company has also agreed to data minimization and disposal requirements, improved vendor and franchisee oversight, and regular third-party evaluations of its information security program for a period of 20 years.
Marriott will also offer consumers a data deletion option, multi-factor authentication for loyalty rewards accounts, and reviews of these accounts for suspicious activity.
Maryland will receive $2,214,224 from the settlement.
This article was written with the assistance of AI and reviewed by a human editor.
Photo by Sora Shimazaki from Pexels
Do you value local journalism? Support NottinghamMD.com today.