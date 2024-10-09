Skift Take
Marriott will now allow U.S. customers to request the deletion of their personal information and review loyalty accounts and restore any stolen points.
The U.S. Federal Trade Commission (FTC) said Wednesday it’s requiring Marriott to put in place a new data security program following three breaches from 2014 to 2020 that affected over 300 million people worldwide.
Separately, Marriott agreed Wednesday to pay $52 million to 49 states and D.C. to settle charges brought by state attorneys general about data security. The deal relates to a database security incident in 2018 in the guest reservations system of Starwood, a hotel group it had just acquired.
“As part of the resolutions with the FTC and the State Attorneys General, Marriott will continue implementing enhancements to its data privacy and information security programs, many of which are already in place or in progress,” a Marriott spokesperson said. “Protecting guests’ personal data remains a top priority for Marriott. … Marriott makes no admission of liability.”
Details
- Marriott has agreed to provide U.S. customers with a way to request the deletion of personal information linked to email or loyalty accounts.
- The company will also review loyalty accounts upon request and restore any stolen points.
What They’re Saying
This settlement follows a 2020 London class action suit demanding compensation for one of the largest data breaches in history
What’s next: Marriott must demonstrate improved data security practices across its hotel network.
