Security News FTC orders Marriott and Starwood to implement strict data security

Gandalf_The_Grey

The Federal Trade Commission (FTC) has ordered Marriott International and Starwood Hotels to define and implement a robust customer data security scheme following failures that led to massive data breaches.

After acquiring Starwood in 2016 and failing to implement "reasonable data security," Marriott International suffered three major data breaches impacting 344 million customers globally.

Order for stronger measures

Now, the FTC has ordered Marriott and its subsidiary, Starwood, to establish a security program that would safeguard the clients’ sensitive data from hackers and provide them better control over their data.

According to the published order, the following key measures need to be taken:
  1. Establish, implement, and maintain a comprehensive information security program that encompasses encryption, access controls, multi-factor authentication, vulnerability management, and incident response plans
  2. Marriott must maintain policies to retain personal information only as long as reasonably necessary for its purposes, and include a link on its website for U.S. consumers to request deletion of their personal information
  3. Implement logging and monitoring of IT assets to detect anomalous activities and security events within 24 hours
  4. Conduct independent, biennial assessments of the information security program for 20 years and report to the FTC any identified gaps addressed
  5. Provide a method for U.S. consumers to review suspected unauthorized activity in their loyalty rewards accounts and restore those points in cases of a breach
  6. Inform the FTC within 10 days of any required notifications to governmental entities about security breaches

The FTC order mandates that Marriott and Starwood implement the required comprehensive information security program and related measures within 180 days from the date the order takes effect, which is December 20, 2024, setting a deadline for June 17, 2025.
 
