If you have been one of the greater than 344 million customers worldwide whose membership accounts and personal information had been compromised, here is some good news for you: Marriott International, Incorporated agreed to pay a $52 million penalty for multiple data breaches that have occurred over the past 15 years. That will teach Marriott a lesson…
$52 Million Penalty For Multiple Data Breaches? That Will Teach Marriott a Lesson…
…and that money will go to 49 states and the District of Columbia.
Furthermore, Marriott International, Incorporated will be required by the Federal Trade Commission to implement a robust information security program to settle charges that the failure of the company to implement reasonable data security led to three large data breaches from 2014 to 2020 that impacted greater than 344 million customers worldwide.
- The first data breach began in June 2014 involving payment card information of greater than 40,000 customers of Starwood Hotels & Resorts Worldwide LLC. The breach was undetected for 14 months until customers were finally notified in November 2015 — only four days after Marriott International, Incorporated announced it was acquiring Starwood.
- The second breach began around July 2014 and was undetected until September 2018. During that time, malicious actors accessed 339 million guest account records of Starwood worldwide — including 5.25 million unencrypted passport numbers.
- The third data breach — which was undetected from September 2018 until February 2020 — impacted Marriott’s own network. Malicious actors accessed 5.2 million guest records worldwide — including data from 1.8 million Americans. The compromised records contained significant amounts of personal information — including:
  - Names
  - Mailing addresses
  - E-mail addresses
  - Telephone numbers
  - Month and day of birth
  - Loyalty membership account information
Marriott International, Incorporated received an alert on Saturday, September 8, 2018 from an internal security tool regarding an attempt to access the Starwood Hotels and Resorts reservation database of customers in the United States. Marriott quickly engaged leading security experts to help determine what occurred and learned during the investigation that there had been unauthorized access to the Starwood Hotels and Resorts network since 2014. The lodging company discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it.
As the result of an investigation, officials at Marriott International, Incorporated discovered that “there had been unauthorized access to the Starwood network since 2014” and “believes it contains information on up to approximately 500 million guests who made a reservation at a Starwood property.” This is one of the largest database security incidents of all time — ever.
The entire contents of that letter — as well as the official announcement from Marriott International, Incorporated pertaining to this reservation database security incident — are found at the conclusion of this article if you want to read more information and details about the incident.
On Monday, November 19, 2018, Marriott was able to decrypt the information and determined that the contents were from the guest reservation database of Starwood Hotels and Resorts.
The stock price of Marriott tanked to a new 52-week low of $102.30 per share before recovering to $102.88 per share on Friday, December 21, 2018 — but that is of little comfort to anyone who was adversely affected by this reservation database security incident.
The stock price of Marriott is currently $262.63 per share after reaching an all-time high of $264.14 per share earlier today, Friday, October 11, 2024.
Marriott International, Incorporated agreed in a proposed settlement order with the Federal Trade Commission to provide all its customers in the United States with a way to request deletion of personal information associated with their e-mail addresses or loyalty rewards membership account numbers. Additionally, the proposed settlement requires Marriott to review loyalty rewards membership accounts upon customer request and restore loyalty points that were stolen.
Final Boarding Call
Between the incidents involving Delta Air Lines, Hyatt Corporation, Hilton, Kimpton Hotels and Restaurants, British Airways, Facebook, Equifax, and other various companies over the years, protecting your sensitive information has become almost impossible to do…
…and yet, few measures are in place to rectify the potentially disastrous results which could possibly occur from these data breaches — as though few corporations and government entities are concerned about confronting the seriousness of such breaches and attacks.
“Marriott’s poor security practices led to multiple breaches affecting hundreds of millions of customers,” Samuel Levine — who is the director of the Bureau of Consumer Protection of the Federal Trade Commission — said in this official press release. “The FTC’s action today, in coordination with our state partners, will ensure that Marriott improves its data security practices in hotels around the globe.”
No, it won’t.
Let’s be real here: $52 million is merely a drop in the financial bucket for Marriott International, Incorporated. It is nothing more than the cost of doing business for the multinational lodging company. This entire “settlement” was basically a slap on the wrist.
Greater than 344 million customers — including me, when my Starwood Preferred Guest account was compromised and wiped out back on Friday, January 16, 2015 before the issue was initially resolved six days later — were affected by the data breaches over the years with both Marriott International, Incorporated and Starwood Hotels & Resorts Worldwide LLC. That $52 million comes out to…
…are you ready?…
…approximately 15 cents per person.
Now that you have been compensated, don’t you feel more safe and secure with regard to your personal information and data?
Photograph ©2021 by Brian Cohen.