Marriott hit with major penalty to settle security breach claims

News
By published

$52 million penalty must be paid to 49 states and the District of Columbia

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

Marriott International has agreed to pay a huge sum to settle cybersecurity-related charges brought by the US Federal Trade Commission (FTC).

Fines aside, it also agreed to implement a more robust IT program and grant its customers better ways to manage their data, following multiple data breaches over the last ten years that have resulted in millions of customer data records being exposed, stolen, and otherwise compromised.

The FTC also argued that Marriott tried to hide the fact that it suffered the breaches, and “deceived consumers by claiming to have reasonable and appropriate data security.”

Robust IT infrastructure

“Marriott’s poor security practices led to multiple breaches affecting hundreds of millions of customers,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The FTC’s action today, in coordination with our state partners, will ensure that Marriott improves its data security practices in hotels around the globe.”

The hospitality chain was charged by the FTC, and after years of back-and-forth, agreed to settle the charges by making certain changes to its systems, and paying a fine. That being said, Marriott agreed to pay a $52 million penalty to 49 states and the District of Columbia.

Furthermore, it will have to implement significant changes to its IT practices: it will have to tell the customers why it’s collecting their data, and is allowed to retain it for only as long as reasonably necessary; it will have to establish, implement and maintain a comprehensive information security program and certify compliance to the FTC annually for 20 years; it will have to allow consumers to review unauthorized activity in their Marriott Bonvoy loyalty rewards accounts; it will have to restore any loyalty points stolen by malicious actors and ultimately - it will have to must provide a link for customers to request deletion of their personal data.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
PayPal
PayPal fined by New York for cybersecurity failures
Ransomware
Millions of hotel guest reservations leaked in Otelier data breach
Suitcase next to a bed in a hotel
Millions of hotel users see personal info checked out in huge data leak
GoDaddy logo
GoDaddy told to up security practices by FTC
Data Breach
US state sues T-Mobile over 2021 data breach which leaked data of millions
security
The true cost of a security breach
Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
Buzz Lightyear Space Ranger Spin Rennovations
Disney’s giving a classic Buzz Lightyear ride a tech overhaul – here's everything you need to know
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
Opera AI Tabs
Opera's new AI feature brings order to your browser tab chaos
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
More about security
Data leak

Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection

Third-party security issues could be the biggest threat facing your business
A trough sensor at Overbury farm

“It's wildlife working for you” - how Agri-Tech can help revolutionize British farming as we know it
See more latest
Most Popular
Buzz Lightyear Space Ranger Spin Rennovations
Disney’s giving a classic Buzz Lightyear ride a tech overhaul – here's everything you need to know
Samsung Magician 8.3.0
Samsung reveals a new version of its popular SSD software, and yes, you should absolutely download it if you own a Samsung SSD
NVIDIA RTX PRO 6000 Blackwell Server Edition
Nvidia's most expensive Blackwell card gets massive price cut but it is not the RTX 5090
Opera AI Tabs
Opera's new AI feature brings order to your browser tab chaos
An AI face in profile against a digital background.
The race to trillion-parameter model training in AI is on, and this company thinks it can manage it for less than $100,000
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Ninkear MBOX 8 Pro
This mini PC has a detachable docking station that hides a hard drive, and I am not convinced whether it's a good idea
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
CoreWeave
Is CoreWeave another WeWork? Blogger who caused Nvidia market capitalization to drop by $600 billion in a day thinks so