Marriott Faces $52 Million Fine Over Massive Data Breaches

The hospitality giant settles with the FTC and state attorneys general after failing to protect customer data in breaches affecting over 344 million people.

Marriott International has agreed to a $52 million settlement to resolve allegations of inadequate data security practices leading to multiple breaches between 2014 and 2020.
The Federal Trade Commission and a coalition of 49 state attorneys general conducted parallel investigations into the breaches, which compromised sensitive information including passport and payment card data.
As part of the settlement, Marriott must implement a comprehensive information security program and provide U.S. customers the option to delete personal data linked to their accounts.
The breaches primarily stemmed from security failures at Starwood Hotels, acquired by Marriott in 2016, exposing the data of hundreds of millions of guests worldwide.
Despite the settlement, Marriott made no admission of liability, but has committed to enhancing its cybersecurity measures to prevent future incidents.