Attorney General Josh Kaul | Attorney General Josh Kaul Office
Attorney General Josh Kaul | Attorney General Josh Kaul Office
Attorney General Josh Kaul announced a $52 million settlement with Marriott International, Inc. involving 50 Attorneys General. This agreement addresses a significant data breach in the Starwood guest reservation database, which Marriott acquired in 2016. The Federal Trade Commission also reached a parallel settlement with Marriott.
The breach, undetected from July 2014 to September 2018, compromised 131.5 million guest records in the United States. These records included contact information, dates of birth, and some unencrypted passport numbers and payment card details.
Attorney General Kaul emphasized the importance of protecting consumer information: “Data breaches like this one can result in harm to consumers,” he said.
The settlement resolves allegations that Marriott violated various state laws by not implementing adequate data security measures after acquiring Starwood. Under the agreement's terms, Marriott will enhance its cybersecurity practices through several measures:
- Implementing a comprehensive Information Security Program.
- Adopting data minimization and disposal requirements.
- Strengthening specific security protocols for consumer data.
- Increasing oversight of vendors and franchisees.
- Conducting independent third-party assessments every two years for two decades.
Marriott will also offer additional consumer protections such as multi-factor authentication for loyalty accounts and options for data deletion.
Wisconsin will receive $833,045 from the settlement. Other participating states include Alabama, Arizona, Arkansas, Florida, Nebraska, New Jersey, New York, Ohio, Pennsylvania, Vermont among others.