Attorney General Jonathan Skrmetti has announced that many will be breathing a collective sigh of relief, especially those concerned about their data online. A sweeping $52 million multistate settlement was reached with Marriott International, Inc. by a coalition of 50 Attorneys General. This settlement comes in response to a significant breach of Marriott's Starwood guest reservation database. According to the Tennessee Attorney General, Tennessee is set to receive just over $919,043 from the settlement. This formidable coalition, alongside the Federal Trade Commission's parallel settlement, reflects a unified front to safeguard consumer data and to hold corporations accountable rightly.
For those unversed in the event's details, this breach wasn't just a fleeting mishap—it loomed undetected from 2014 to 2018, impacting an astonishing 131.5 million U.S. guest records. The compromised information included a range of personal details, from contact information to unencrypted passport numbers.
Marriott's reforms focus on reducing the data they collect and improving their security measures. They are adopting a zero-trust approach, which means they will have strict controls and regular security checks. This includes better training for employees on data handling, stronger data protections like encryption, and closer oversight of vendors and franchisees. They also plan to ensure that new acquisitions are integrated securely into their systems.
As part of the settlement, Marriott will provide important protections for consumers. They will allow customers to delete their data and use multi-factor authentication for loyalty accounts, helping to prevent unauthorized access. If suspicious activity is detected, account reviews will also be conducted, giving guests more peace of mind.
Additionally, an independent third party will evaluate Marriott's security every two years for the next twenty years, ensuring continuous improvement in cybersecurity.