Massive Data Breach Went Undetected for Four Years
The breach, which began in 2014 and continued until it was detected in 2018, occurred within the systems of Starwood Hotels, a brand acquired by Marriott in 2016. During this time, intruders accessed unencrypted passport data, payment card information, and personal details of millions of hotel guests. The incident marked one of the largest breaches in hotel industry history.
In response, Attorneys General from across the country launched an extensive investigation. The probe found that Marriott failed to implement sufficient cybersecurity measures during its integration of Starwood’s network, leaving it vulnerable to attack.
Michigan Among States to Receive Over $1 Million in Settlement
Michigan Attorney General Dana Nessel emphasized the importance of robust cybersecurity practices in the wake of this settlement. "Companies we trust with our sensitive information must prioritize safeguarding that data," said Nessel. Under the terms of the settlement, Marriott must implement enhanced security practices, including regular risk assessments and improved data encryption techniques, to prevent future breaches.
Michigan’s share of the $52 million settlement, totaling $1.2 million, is intended to help protect residents from further data breaches, which have become a growing concern. Nessel has been a vocal advocate for stronger consumer protection laws in Michigan, pushing for legislation requiring companies to notify the state’s Attorney General of data breaches affecting more than 100 people within 45 days.
The investigation into Marriott's practices was led by a coalition of Attorneys General from Connecticut, Maryland, and Oregon, with support from numerous other states. The coalition found that Marriott had violated several state consumer protection and data breach notification laws by failing to maintain appropriate security protocols and neglecting to remediate known security vulnerabilities.
Beyond financial penalties, the settlement includes extensive mandates for Marriott. The hotel chain must implement an Information Security Program that includes zero-trust principles, stronger employee training, and oversight from the highest levels of management. Marriott is also required to strengthen its vendor and franchisee oversight, ensuring that third parties adhere to strict cybersecurity standards.
Broader Context: Surge in Data Breaches Demands Stronger Laws
The Marriott breach is just one in a growing wave of cybersecurity incidents affecting Michigan residents. Recently, Michigan’s Attorney General raised concerns about several large-scale breaches, including those at McLaren Health Care and Change Healthcare, which exposed millions of patient records. Nessel has repeatedly called for stronger state laws to address the escalating frequency and severity of these breaches.
With cyberattacks on the rise, the Marriott case underscores the critical need for companies to adopt more aggressive cybersecurity measures. The settlement requires Marriott to undergo independent third-party assessments of its security practices every two years for the next two decades, further emphasizing the long-term nature of this agreement.
Your Turn - Like This, or Hate It - We Want To Hear From You
Please offer an insightful and thoughtful comment. Idiotic, profane, or threatening comments are eliminated without remorse. Consider sharing this story. Follow us to have other feature stories fill up your Newsbreak feed from ThumbWind Publications.
Follow Hurricane Milton's Impact On Florida With Live Webcams
Get updates delivered to you daily. Free and customizable.
It’s essential to note our commitment to transparency:
Our Terms of Use acknowledge that our services may not always be error-free, and our Community Standards emphasize our discretion in enforcing policies. As a platform hosting over 100,000 pieces of content published daily, we cannot pre-vet content, but we strive to foster a dynamic environment for free expression and robust discourse through safety guardrails of human and AI moderation.
Comments / 0