Settlement | Critical Risk | Multistate

Multistate $52M Settlement with Marriott Over Multi-Year Data Breach

Marriott International, Inc. | October 9, 2024 | New York Attorney General

Penalty Amount

$52,000,000

Summary

Marriott International agreed to a $52 million multistate settlement after a data breach exposed 131.5 million customers' personal information due to undetected intruders in Starwood's system from 2014 to 2018. The settlement mandates significant cybersecurity improvements, including third-party assessments, data minimization, and enhanced training.

Remedy

Marriott must pay $52 million, undergo independent third-party security assessments every two years for 20 years, implement a comprehensive information security program with regular reporting to executives, minimize data collection and retention, enhance vendor and franchisee oversight, allow customers to delete their data, and offer multi-factor authentication for loyalty accounts.

Monetary Penalty | Audit Requirement | Compliance Program | Data Deletion | Consent Decree

Entity Details

Entity

Marriott International, Inc.

Also known as: Marriott

Industry

Other

Related Enforcement Actions

CT

Marriott International, Inc.

$52.0M

A multistate settlement with Marriott International for a data breach affecting 131.5 million guest records. Marriott failed to secure the Starwood network from 2014 to 2018, exposing personal information. The settlement includes a $52 million payment and requires Marriott to implement enhanced cybersecurity measures and consumer protections.

NJ

Marriott International, Inc.

$52.0M

A multistate coalition of 50 attorneys general, including New Jersey, reached a $52 million settlement with Marriott International, Inc. for two data breaches that exposed personal information of over 131 million consumers. The breaches resulted from inadequate cybersecurity practices at Starwood and Marriott networks. The settlement mandates comprehensive security improvements and monetary penalties.

TX

Marriott International, Inc.

$52.0M

Marriott International, Inc. suffered a data breach exposing 131 million guest records, including personal and payment information. The Texas Attorney General secured a $3.5 million settlement as part of a $52 million multistate agreement, requiring Marriott to enhance its data security practices with zero-trust principles and regular reporting to the CEO.

NY

U.S. Department of Education

New York Attorney General Letitia James, joined by 16 other states, sued the U.S. Department of Education over a new survey requiring colleges to submit extensive student data, arguing it violates the Administrative Procedure Act and threatens student privacy. The lawsuit seeks to block the mandate and prevent penalties for non-compliance.

NY

Instacart

New York Attorney General Letitia James sent a letter to Instacart demanding information about its algorithmic pricing practices after a study revealed significant price differences for the same products. The AG warns that Instacart may be violating the New York Algorithmic Pricing Disclosure Act by failing to clearly disclose the use of personal data for price setting.

NY

OrthopedicsNY, LLP

$500K

New York Attorney General Letitia James secured a $500,000 settlement from OrthopedicsNY, LLP for failing to implement reasonable data security practices, which led to a cyber-attack stealing sensitive personal and health information of over 650,000 patients and employees. The settlement imposes penalties, requires funding for credit monitoring, and mandates enhanced security measures including multi-factor authentication and encryption.