Connect with us

Hi, what are you looking for?

CrazyFlux.comCrazyFlux.com

Tech News

Marriott and Starwood hotels will have to get better at data security

Brand logo on a Marriott hotel
A Marriott Hotel in Germany. | Photo by Matthias Balk/picture alliance via Getty Images

The Federal Trade Commission announced on Friday it finalized an order (pdf) requiring Marriott International and subsidiary Starwood Hotels to improve their digital security, reports BleepingComputer. The FTC charged the companies with lax security practices that resulted in three big breaches detected in 2015, 2018, and 2020, “affecting more than 344 million customers worldwide,” leaking passport details, payment cards, and other info.

The shortest breach lasted 14 months before it was detected, while the longest one saw attackers maintain access for four years, starting in 2018. The beefed-up security programs they’ve agreed to establish include creating policies to only keep information for as long as it’s needed and publishing a link allowing US customers to request the deletion of information tied to their email address or loyalty account.

Hotels have been one of many key targets for hackers, with one breach last year catching FTC Chair Lina Khan among the many people left waiting to check in when a ransomware attack forced MGM Resorts to fall back on using pen and paper.

The FTC announced its charges in October, accusing the companies of having “deceived consumers” with false claims of “reasonable and appropriate data security.” Their alleged failures included having bad password and firewall practices and not patching outdated software and systems. The same day the FTC revealed the charges, the Connecticut Attorney General’s office announced Marriott had agreed to a $52 million settlement.

Beyond improving their security, the companies are now forbidden “from misrepresenting how they collect, maintain, use, delete or disclose consumers’ personal information; and the extent to which the companies protect the privacy, security, availability, confidentiality, or integrity of personal information.” Other requirements include that they keep compliance records and submit to FTC inspections. The order will stay in effect for 20 years.

You May Also Like

World News

Post Content

Editor's Pick

Walter Olson Voters in ten or so states this month turned down proposals to change the way elections are held, and reformers will be...

World News

Mainstream economists today examine economic phenomena from a “black box” perspective in which they look at inputs and outputs without trying to understand causal...

Editor's Pick

In a truncated trading week, the Indian equities closed the week with gains thanks to a robust technical rebound that it witnessed on Friday....