WASHINGTON, D.C. — The Federal Trade Commission (FTC) has finalized an order requiring Marriott International, Inc. and its subsidiary, Starwood Hotels & Resorts Worldwide LLC, to implement stringent data security measures following major security failures that exposed the personal information of over 344 million customers globally.
The FTC’s complaint, originally announced in October, outlined a series of allegations against the companies. It charged Marriott and Starwood with deceiving consumers by claiming to have “reasonable and appropriate” data security practices while failing to implement adequate protections. This negligence led to at least three separate breaches, during which hackers accessed sensitive customer data, including passport numbers, payment card information, and loyalty account details.
Under the terms of the finalized order, Marriott and Starwood must establish a comprehensive information security program designed to safeguard personal data. This includes measures to limit the retention of personal information to only what is necessary, as well as providing U.S. customers an option to request the deletion of their personal data via a dedicated webpage.
Additionally, the companies are required to investigate and resolve issues related to stolen loyalty rewards points upon customer request. To prevent future incidents, the order prohibits Marriott and Starwood from misrepresenting their data privacy and security practices, including how they collect, use, or safeguard customer information.
For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News and MSN.