
Marriott and Starwood hotels will have to get better at data security
The Federal Trade Commission (FTC) has finalized an order requiring Marriott International and its subsidiary Starwood Hotels to enhance their digital security practices. The decision comes in the wake of significant data breaches that affected over 344 million customers worldwide.
According to reports, the FTC charged both companies with failing to protect consumers’ information with “reasonable security.” This alleged failure led to three major data breaches detected between 2015 and 2020, resulting in the leak of sensitive information such as passport details, payment cards, and other personal data. The longest breach saw attackers maintain access for a staggering four years.
As part of their agreement, Marriott and Starwood have been ordered to establish new security protocols, including policies to retain customer data only for as long as it is needed. Furthermore, they must publish a link allowing US customers to request the deletion of information linked to their email address or loyalty account.
The FTC’s order also prohibits the companies from misrepresenting how they collect, maintain, use, delete, or disclose personal information. Additionally, they are required to keep compliance records and submit to FTC inspections.
This development is a significant step towards improving data security in the hotel industry. The breaches were reportedly caused by poor password and firewall practices, failure to patch outdated software and systems, and other vulnerabilities that left customer data exposed.
Source: http://www.theverge.com