Penalty Amount
$52,000,000
Consumers Affected
131,500,000
A multistate coalition of 50 attorneys general, including New Jersey, reached a $52 million settlement with Marriott International, Inc. for two data breaches that exposed personal information of over 131 million consumers. The breaches resulted from inadequate cybersecurity practices at Starwood and Marriott networks. The settlement mandates comprehensive security improvements and monetary penalties.
Marriott must pay $52 million, implement a cybersecurity overhaul including appointing a Chief Information Security Officer, establishing board oversight, enhancing security controls, allowing consumers to request data deletion and loyalty account reviews, training employees, conducting risk assessments, improving vendor management, and submitting to regular third-party audits.
Entity
Marriott International, Inc.
Also known as: Marriott
Industry
OtherOfficial Press Release
https://www.njoag.gov/attorney-general-platkin-multistate-coalition-announce-52-million-settlement-for-marriott-starwood-data-breaches/
2024 1009 Marriott Complaint as filed
https://www.nj.gov/oag/newsreleases24/2024-1009_Marriott-Complaint-as-filed.pdf
2024 1009 Marriott Final Consent Judgment as filed
https://www.nj.gov/oag/newsreleases24/2024-1009_Marriott-Final-Consent-Judgment-as-filed.pdf
New Jersey Attorney General Enforcement Page
https://www.njoag.gov/about/divisions-and-offices/division-of-consumer-affairs/
$52.0M
A multistate settlement with Marriott International for a data breach affecting 131.5 million guest records. Marriott failed to secure the Starwood network from 2014 to 2018, exposing personal information. The settlement includes a $52 million payment and requires Marriott to implement enhanced cybersecurity measures and consumer protections.
$52.0M
Marriott International agreed to a $52 million multistate settlement after a data breach exposed 131.5 million customers' personal information due to undetected intruders in Starwood's system from 2014 to 2018. The settlement mandates significant cybersecurity improvements, including third-party assessments, data minimization, and enhanced training.
$52.0M
Marriott International, Inc. suffered a data breach exposing 131 million guest records, including personal and payment information. The Texas Attorney General secured a $3.5 million settlement as part of a $52 million multistate agreement, requiring Marriott to enhance its data security practices with zero-trust principles and regular reporting to the CEO.
A former employee of the New Jersey Department of Children and Families was indicted for allegedly leaking confidential child protection case information in exchange for bribes. The defendant, Susaida Nazario, misused her access to provide case details to an unauthorized individual, compromising sensitive children's data.
New Jersey Attorney General Matthew Platkin announced that New Jersey is joining a coalition of 22 states in suing Uber for deceptive practices related to its Uber One subscription service. The lawsuit alleges that Uber enrolled consumers without their knowledge and made cancellation extremely difficult, seeking restitution, penalties, and an injunction under New Jersey's Consumer Fraud Act and the Restore Online Shoppers' Confidence Act.
New Jersey Attorney General Matthew Platkin is leading a bipartisan coalition of 42 attorneys general in sending a letter to 13 tech companies, demanding that they implement safeguards for their AI chatbots to prevent harmful interactions such as sexually explicit conversations with children, encouraging self-harm, and spurring violence, following reports of serious incidents including deaths and self-harm.