The Federal Trade Commission (FTC) has ordered Marriott International, one of the world's largest hotel chains, to take significant steps to enhance its data security. This order comes in the aftermath of several cyberattacks that compromised sensitive customer data.
The FTC's decision stems from a large-scale data breach that affected Marriott's Starwood Hotels database in 2018. This data breach exposed the personal information of approximately 500 million customers, including names, passport numbers, and even credit card details. The FTC has expressed concerns about Marriott International's data security measures, leading to this recent order.
The order requires Marriott International to establish a comprehensive information security program that is designed to protect the privacy, security, confidentiality, and integrity of its customers' personal information. This includes conducting annual assessments of the risks to customer data, implementing safeguards to control these risks, and ensuring third-party service providers are also adequately protecting customer data.
In addition to these measures, Marriott International will have to provide the FTC with annual certifications of compliance with the order. Failure to comply could result in significant penalties. The hotel chain will also have to report any future data breaches to the FTC within 10 days of discovery.
This FTC order highlights the importance of data security in today's digital world. With cyberattacks becoming more frequent and sophisticated, businesses that handle sensitive customer data need to take all necessary precautions to protect this information. The FTC's action against Marriott International underscores the seriousness with which regulators are treating data security lapses and the potential consequences for companies that fail to safeguard their customers' personal information.