
    Marriott’s Data Leak Disaster: 131 Million Guests Left Exposed Including Many From Michigan

    11 hours ago

    Marriott reaches $52 million settlement after a multi-state probe into one of the largest data breaches in history, affecting 131.5 million records.

    In a major legal settlement announced this week, Marriott International, Inc. has agreed to pay $52 million following a multi-year investigation by 50 state Attorneys General into a massive data breach of its Starwood guest reservation database. The breach, which went undetected for nearly four years, compromised the sensitive information of 131.5 million customers, including contact details, passport numbers, and payment information. Michigan Attorney General Dana Nessel announced that Michigan will receive $1.2 million from the settlement, aimed at bolstering cybersecurity measures and protecting consumer data in the future.

    Massive Data Breach Went Undetected for Four Years

    The breach, which began in 2014 and continued until it was detected in 2018, occurred within the systems of Starwood Hotels, a brand acquired by Marriott in 2016. During this time, intruders accessed unencrypted passport data, payment card information, and personal details of millions of hotel guests. The incident marked one of the largest breaches in hotel industry history.

    In response, Attorneys General from across the country launched an extensive investigation. The probe found that Marriott failed to implement sufficient cybersecurity measures during its integration of Starwood’s network, leaving it vulnerable to attack.

    Michigan Among States to Receive Over $1 Million in Settlement

    Michigan Attorney General Dana Nessel emphasized the importance of robust cybersecurity practices in the wake of this settlement. "Companies we trust with our sensitive information must prioritize safeguarding that data," said Nessel. Under the terms of the settlement, Marriott must implement enhanced security practices, including regular risk assessments and improved data encryption techniques, to prevent future breaches.

    Michigan’s share of the $52 million settlement, totaling $1.2 million, is intended to help protect residents from further data breaches, which have become a growing concern. Nessel has been a vocal advocate for stronger consumer protection laws in Michigan, pushing for legislation requiring companies to notify the state’s Attorney General of data breaches affecting more than 100 people within 45 days.

    Nationwide Investigation Uncovers Multiple Violations

    The investigation into Marriott's practices was led by a coalition of Attorneys General from Connecticut, Maryland, and Oregon, with support from numerous other states. The coalition found that Marriott had violated several state consumer protection and data breach notification laws by failing to maintain appropriate security protocols and neglecting to remediate known security vulnerabilities.

    Beyond financial penalties, the settlement includes extensive mandates for Marriott. The hotel chain must implement an Information Security Program that includes zero-trust principles, stronger employee training, and oversight from the highest levels of management. Marriott is also required to strengthen its vendor and franchisee oversight, ensuring that third parties adhere to strict cybersecurity standards.

    Broader Context: Surge in Data Breaches Demands Stronger Laws

    The Marriott breach is just one in a growing wave of cybersecurity incidents affecting Michigan residents. Recently, Michigan’s Attorney General raised concerns about several large-scale breaches, including those at McLaren Health Care and Change Healthcare, which exposed millions of patient records. Nessel has repeatedly called for stronger state laws to address the escalating frequency and severity of these breaches.

    With cyberattacks on the rise, the Marriott case underscores the critical need for companies to adopt more aggressive cybersecurity measures. The settlement requires Marriott to undergo independent third-party assessments of its security practices every two years for the next two decades, further emphasizing the long-term nature of this agreement.
