{"id":2997,"date":"2024-10-11T22:06:49","date_gmt":"2024-10-11T22:06:49","guid":{"rendered":"https:\/\/usatrustedlawyers.com\/blog\/marriotts-52m-data-breach-settlement-points-to-emerging-trend\/"},"modified":"2024-10-11T22:06:49","modified_gmt":"2024-10-11T22:06:49","slug":"marriotts-52m-data-breach-settlement-points-to-emerging-trend","status":"publish","type":"post","link":"https:\/\/usatrustedlawyers.com\/blog\/marriotts-52m-data-breach-settlement-points-to-emerging-trend\/","title":{"rendered":"Marriott’s $52M Data Breach Settlement Points to Emerging Trend"},"content":{"rendered":"\n
\n
\n

Marriott International and its subsidiary, Starwood Hotels & Resorts Worldwide, have reached agreements with the Federal Trade Commission and 49 state attorneys general regarding a massive data breach involving its hotels.<\/p>\n<\/div>\n

<\/p>\n

\n

And some observers think the deal could be a sign of an emerging trend.<\/p>\n<\/div>\n

<\/p>\n

\n

Under the\u00a0agreement, the hotel operator will pay $52 million without admitting liability for the underlying allegations.<\/p>\n<\/div>\n

<\/p>\n

\n

The complaints said multiple data breaches occurred between 2014 and 2020, impacting more than 344 million customers globally.<\/p>\n<\/div>\n

<\/p>\n

\n

As part of the settlement with the FTC, Marriott and Starwood must implement a comprehensive information security program designed to enhance data protection across their hotel networks worldwide.<\/p>\n<\/div>\n

<\/p>\n

\n

_____________________________________________________________________________________________________<\/p>\n<\/p><\/div>\n

<\/p>\n

\n

<\/figure>\n\n
This action<\/a> was surfaced by Law.com Radar, <\/a>which delivers artificial intelligence-enhanced case summaries and daily case reports from more than 2,200 state and federal courts. Click here to get started and be among the first to act on opportunities in your region, practice area, or client sector. <\/figure>\n

_____________________________________________________________________________________________________ <\/p>\n<\/div>\n

<\/p>\n

\n

‘States Are Becoming Much More Aggressive’<\/h2>\n

Kelley Kronenberg partner Timothy Shields points\u00a0out that this development highlights government efforts to combat data breaches.<\/p>\n<\/p><\/div>\n

<\/p>\n

\n

\"\" Kelley Kronenberg partner Timothy Shields. Courtesy photo <\/figure>\n<\/p>\n<\/div>\n

<\/p>\n

\n

“Individual states are becoming much more aggressive in addressing data privacy concerns absent a federal consumer data privacy law,” Shields said.<\/p>\n<\/div>\n

<\/p>\n

\n

While not involved in the FTC action,\u00a0the Broward attorney’s practice focuses\u00a0on technology and intellectual property, including copyright, trademark, the digital economy, data privacy and data breach response.<\/p>\n<\/div>\n

<\/p>\n

\n

“I see this trend continuing over the next several years,” Shields said. “The agreement with the FTC outlines several cybersecurity steps for Marriott, which really are just standard best practices any organization should already be doing themselves or in partnership with a cybersecurity professional.”<\/p>\n<\/div>\n

<\/p>\n

\n

When contacted, Marriott said as part of the resolutions with the FTC and the state attorneys general,\u00a0it will continue implementing enhancements to its data privacy and information security programs, many of which are already in place or in progress.<\/p>\n<\/div>\n

<\/p>\n

\n

“For example, Marriott is offering U.S. customers a process to request deletion of their personal information, offering an online portal for Marriott\u00a0Bonvoy\u00ae\u00a0members to report potentially suspicious loyalty account activity,\u00a0and\u00a0implementing a multi-factor authentication option for Marriott\u00a0Bonvoy\u00ae\u00a0accounts,” the company statement<\/a> read.<\/p>\n<\/div>\n

<\/p>\n

\n

Marriott and Starwood also agreed to provide all its U.S. customers with a way\u00a0to delete personal information\u00a0associated with their email address or loyalty rewards account number.<\/p>\n<\/div>\n

<\/p>\n

\n

In addition, the proposed settlement requires Marriott to review loyalty rewards accounts on\u00a0customer\u00a0request and restore stolen loyalty points.<\/p>\n<\/p><\/div>\n

<\/p>\n

\n

\"\" Federal Trade Commission building. Photo by Diego M. Radzinschi\/ALM <\/figure>\n<\/p>\n<\/div>\n

<\/p>\n

\n

“Marriott’s poor security practices led to multiple breaches affecting hundreds of millions of customers,” said Samuel Levine, director of the FTC’s Bureau of Consumer Protection. “The FTC’s action today, in coordination with our state partners, will ensure that Marriott improves its data security practices in hotels around the globe.”<\/p>\n<\/div>\n

<\/p>\n

\n

The FTC and the states worked in parallel on the investigation.<\/p>\n<\/div>\n

<\/p>\n

\n

According to the FTC, it does not have legal authority to obtain civil penalties in this case.<\/p>\n