The FTC is imposing strict rules on the Marriott hotel chain
Three huge data breaches at Marriott led to hundreds of millions of customers being exposed
The FTC says the company failed to implement proper security measures
The Federal Trade Commission (FTC) has directed Marriott International and Starwood Hotels to strengthen their customer data security practices following a series of significant security lapses in recent years.
From 2015 to 2020, Marriott experienced three major data breaches, which compromised the personal information of over 344 million customers globally. This included sensitive data such as passport information, credit card details, and other identifiable information.
Under the new FTC ruling, Marriott is now required to create and sustain a comprehensive information security program, which must incorporate strong encryption, access controls, multifactor authentication, and a well-defined incident response strategy. In addition, continuous monitoring of all IT assets for security threats is mandated, along with protocols for retaining personal data only as long as necessary.
Poor security practices
The ruling also stipulates that Marriott conduct independent assessments of its information security measures every two years. Any identified security vulnerabilities or breaches must be reported to the FTC within a 10-day timeframe. These regulations will be in effect for the next two decades.
Customers will now have the ability to review potential unauthorized activities in their accounts and request the deletion of their data and personal information from Marriott’s systems.
Marriott acknowledged that serious security shortcomings contributed to the breaches, as a lack of secure encryption left the company’s data vulnerable to cyberattacks. It is estimated that hackers had illicit access to Marriott systems for as long as four years. Earlier this year, the FTC imposed a $52 million fine on the company, stating that Marriott attempted to conceal the breaches and “misled consumers by asserting they had adequate and appropriate data security.”
Via BleepingComputer
Source: www.techradar.com