FTC finalizes order with Marriott, subsidiary to address security failures

The Federal Trade Commission announced it has finalized an order requiring Marriott (MAR) International, and its subsidiary Starwood Hotels & Resorts Worldwide, to implement a comprehensive information security program to settle charges that the companies failed to implement reasonable data security, which led to three large data breaches affecting more than 344 million customers worldwide. “In a complaint first announced in October, the FTC charged that Marriott and Starwood deceived consumers by claiming to have reasonable and appropriate data security, when they in fact failed to deploy reasonable security to protect consumers’ personal information. These security failures resulted in at least three separate data breaches that enabled malicious actors to obtain vast amounts of personal information from hundreds of millions of consumers, including passport information, payment card numbers, and loyalty numbers, according to the complaint,” the FTC stated.