In addition to the financial penalties, Marriott is required to improve its cybersecurity practices. The company must offer U.S. customers the option to request the deletion of their personal information, while also certifying compliance with the FTC’s information security standards for the next 20 years. This includes undergoing independent third-party assessments of its cybersecurity program every two years.
The data breaches, primarily involving Marriott’s subsidiary Starwood Hotels and Resorts Worldwide, have been described as some of the worst in the hotel industry. Notably, a 2014 breach of Starwood’s reservation system went undetected for nearly four years, exposing 339 million customer records. Another breach, in 2020, compromised the data of over 5 million Marriott guests.
Despite these settlements, Marriott has denied any liability, asserting that it has made significant investments in strengthening its cybersecurity systems. The company claims that many of the required improvements are already in place or underway.
The settlements highlight the importance of robust cybersecurity, particularly for organizations handling vast amounts of sensitive customer data. Marriott’s case underscores the ongoing need for companies to adapt to evolving cybersecurity threats and to implement comprehensive security measures to protect against data breaches.
Source: Cybersecurity Dive
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities.