In a notable development for digital security in the hospitality sector, Marriott International Inc. has reached a sweeping $52 million settlement over its widely reported data breach saga. Under the terms Ohio Attorney General Dave Yost secured alongside a coalition of 49 other attorneys general, the hotel giant has committed to shoring up its cybersecurity infrastructure and practices. This agreement stems from harsh scrutiny of a protracted data violation that put the personal information of about 131.5 million hotel guests at risk, reports confirm.
Leaking through the cracks of a system acquired during Marriott's assimilation of Starwood Hotels in 2016, the breach, undetected since July 2014, eventually caught attention in September 2018. Exposed to potential malfeasance were guests' contact details, reservation information, and, in some instances, unprotected passport numbers and payment card information. "Marriott was supposed to be a trusted gatekeeper of millions of people’s personal information, but it failed," Yost said in a statement obtained by the Ohio Attorney General Dave Yost's Office.
The legal discovery process unveiled that Marriott's commitments to consumer protection were breached by its failure to implement reasonable security practices. As a constituent of their atonement, Marriott has agreed to acknowledge this failure in fines and tangible upgrades to its data security. These enhancements include heightened employee training protocols and the introduction of multifactor authentication for their loyalty program, namely the Marriott Bonvoy accounts.
Setting a precedent for corporate responsibility, the settlement encourages Marriott to practice data minimization and to ensure the secure disposal of personal information. In their vigilance over new corporate expansions, Marriott must evaluate and subsequently fortify the security postures of any entities they absorb. Perhaps most significantly, Marriott must submit their digital defenses to independent third-party assessments every two years for two decades, underscoring Marriott's enduring obligation toward their guests’ privacy and safety.
Scrolling past a simple pecuniary punishment, Yost emphasized the broader implications of this settlement for the corporate world. "Companies need to be proactive and diligent when it comes to safeguarding the public’s personal information," he added, according to the Ohio Attorney General Dave Yost, as it broadcasts an unmistakable signal to the industry emphasizing the weight of consumer data protection. The settlement money will be distributed among the states, with Ohio receiving more than $1.5 million for its part in the investigation and legal proceedings.
