On October 16, 2024
State News

Nationwide multi-state settlement with Marriott amounts to $52 million

Vermont Attorney General Charity Clark announced on Oct. 9 that a coalition of 50 attorneys general has reached a settlement with Marriott International, Inc. after an investigation into a large multi-year data breach of one of Marriott’s Starwood guest reservation databases. Under the settlement, Marriott has agreed to strengthen its data security practices using a dynamic risk-based approach, pay $52 million to states, and provide additional consumer protections. Vermont will receive $590,292.25 from the settlement. 

The Federal Trade Commission, which has been coordinating closely with the states throughout their investigation, has reached a parallel settlement with Marriott.

“This case is a $52 million reminder that good data hygiene, such as data minimization, can protect not only consumers but also businesses that suffer a data breach,” said Clark. 

Marriott acquired Starwood in 2016 and took control of the Starwood computer network in 2016.  From July 2014 until September 2018, intruders into this computer network went undetected. This failure led to the breach of 131.5 million guest records pertaining to customers in the U.S. The impacted records included contact information, gender, dates of birth, legacy Starwood Preferred Guest information, reservation information, hotel stay preferences, and a limited number of unencrypted passport numbers and unexpired payment card information.

Shortly after the breach of the Starwood database was announced, a coalition of 50 attorneys general launched a multi-state investigation into the breach. The Oct. 9 settlement resolves allegations by Attorney General Clark that Marriott violated Vermont’s Consumer Protection Act and Security Breach Notification Act by failing to implement reasonable data security and remediate data security deficiencies, particularly when attempting to use and integrate Starwood into its systems.

Under the terms of the settlement, Marriott has agreed to strengthen and continually improve its cybersecurity practices. As part of the settlement, Marriott will give consumers specific protections, including a data deletion option, even if consumers do not currently have that right under state law. 

Marriott must offer multi-factor authentication to consumers for their loyalty rewards accounts — such as Marriott Bonvoy— as well as reviews of those accounts if there is any suspicious activity.

Do you want to submit feedback to the editor?

Send Us An Email!

Related Posts

VTrans announces new plow names and winner of long-wing contest

November 13, 2024
The Vermont Agency of Transportation (AOT) received 118 new names for its big orange plow trucks through this year’s Name a Plow program for Vermont schools. The agency also received 77 entries in the contest for schools to name the new plow truck that has a second plow spanning 21 feet and will be used…

Vermont’s regular deer season starts Nov. 16

November 6, 2024
Hunters are gearing up for the start of Vermont’s traditionally popular 16-day regular deer season that begins Saturday, Nov. 16 and ends Sunday, Dec. 1.  A hunter may take one legal buck during this season if they did not already take one during the archery deer season. “The greatest numbers of deer continue to be…

Hospitals report runs into furor over ‘major restructuring’ recommendations 

November 6, 2024
Analysis plunged state’s healthcare system into anxiety, uncertainty By Peter D’Auria/VTDigger Last month, a consultant released a sweeping report recommending significant changes for Vermont’s healthcare system, including “major restructuring” at four community hospitals. The 144-page state-commissioned document details a series of steps that Vermont’s hospitals should take to stay afloat, including repurposing inpatient units and downgrading emergency departments…

Amazon to pay $400,000 to Vermont for violating online sales ban on vaping products

October 30, 2024
Attorney General Charity Clark announced that Amazon has agreed to pay $400,000 to the State of Vermont to settle a dispute regarding violations of the state’s delivery sales ban, which prohibits the direct shipping of tobacco products, including e-cigarettes and vaping products, to Vermont consumers. The settlement resolves allegations that third-party sellers on Amazon’s platform…