Marriott Reaches $52 Million Settlement Over Data Breach

Marriott agrees to enhance data security and pay $52 million for data breach violations.

Attorney General Jonathan Skrmetti announced a $52 million multi-state settlement with Marriott International, Inc. regarding a data breach of the Starwood guest reservation database. The settlement, involving 50 Attorneys General and the Federal Trade Commission, aims to improve Marriott’s data security practices and offer consumer protections. Tennessee will receive $919,043 from the settlement.

The breach, which went undetected from July 2014 until September 2018, affected 131.5 million guest records in the U.S., exposing contact details, birth dates, and a few unencrypted passport numbers and payment card information. The settlement resolves claims that Marriott violated state consumer protection and data security laws by not adequately securing the Starwood database.

As part of the settlement, Marriott will strengthen its cybersecurity measures with a comprehensive Information Security Program, data minimization, and enhanced consumer data security. This includes regular security reporting, increased employee training, and improved vendor oversight. Additionally, Marriott must perform regular risk assessments and independent security evaluations every two years for 20 years.

Consumers will receive specific protections, such as data deletion and multi-factor authentication for Marriott accounts. Participating states include Alaska, California, Florida, Illinois, and New York. The full settlement details are available here.
