Penalty Amount
$52,000,000
Consumers Affected
131,500,000
A multistate settlement with Marriott International for a data breach affecting 131.5 million guest records. Marriott failed to secure the Starwood network from 2014 to 2018, exposing personal information. The settlement includes a $52 million payment and requires Marriott to implement enhanced cybersecurity measures and consumer protections.
Marriott must pay $52 million to states, implement a comprehensive Information Security Program with risk assessments, data minimization, encryption, and vendor oversight, undergo independent audits every two years for 20 years, and provide consumers with data deletion options and multi-factor authentication for loyalty accounts.
Entity
Marriott International, Inc.
Also known as: Marriott
Industry
Other$52.0M
A multistate coalition of 50 attorneys general, including New Jersey, reached a $52 million settlement with Marriott International, Inc. for two data breaches that exposed personal information of over 131 million consumers. The breaches resulted from inadequate cybersecurity practices at Starwood and Marriott networks. The settlement mandates comprehensive security improvements and monetary penalties.
$52.0M
Marriott International agreed to a $52 million multistate settlement after a data breach exposed 131.5 million customers' personal information due to undetected intruders in Starwood's system from 2014 to 2018. The settlement mandates significant cybersecurity improvements, including third-party assessments, data minimization, and enhanced training.
$52.0M
Marriott International, Inc. suffered a data breach exposing 131 million guest records, including personal and payment information. The Texas Attorney General secured a $3.5 million settlement as part of a $52 million multistate agreement, requiring Marriott to enhance its data security practices with zero-trust principles and regular reporting to the CEO.
$100K
The Connecticut Attorney General announced a $100,000 settlement with Spruce Power 3, LLC to resolve an investigation into billing, customer service, and warranty issues stemming from consumer complaints. The settlement includes refunds for improper charges and requires reforms to improve billing practices and response times. Separately, an investigation was initiated into SunStrong Management LLC based on approximately 65 consumer complaints regarding warranty failures, unresponsiveness, and fees.
Connecticut Attorney General William Tong joined a coalition of 17 attorneys general in filing a lawsuit against the U.S. Department of Education to stop new data reporting requirements under IPEDS that demand detailed student information. The coalition argues the requirements are unlawful, arbitrary, and jeopardize student privacy by requesting in-depth data that could lead to inadvertent errors and baseless investigations. The lawsuit seeks an injunction to block the implementation of these requirements.
Connecticut Attorney General William Tong, joined by 17 other attorneys general, filed a lawsuit against the U.S. Department of Education to block new IPEDS data reporting requirements that demand student information disaggregated by race and sex. The coalition argues the rushed implementation is unlawful, invades student privacy, and risks unreliable data and baseless investigations. They seek an injunction to halt the data collection and protect student privacy.