Wisconsin will receive over $830,000 from a $52 million, multistate settlement with Maryland-based Marriott International Inc., WisBusiness reports. In the settlement, related to a data breach of Marriott’s guest reservation system, the company says that in addition to complying with the financial penalty, it will improve data security and take additional measures to protect consumers.
With almost 9,000 hotels across over 30 brands, Marriott International is the world’s largest hotel chain. In 2016, the company acquired Connecticut’s Starwood Hotels & Resorts Worldwide and took over its computer network, which had already been breached between 2014–2018. As a result, guest records of 131.5 million U.S. customers were exposed.
The settlement reportedly resolves allegations that Marriott violated state consumer protection laws, personal information protection laws, and breach notification laws; the company allegedly did not employ sufficient data security or address vulnerabilities in its security system while using and integrating Starwood’s systems.
The company has made “no admission of liability” related to the allegations and says data privacy and information security improvement efforts are already underway or in place. Customers are also being offered the opportunity to have their personal data deleted.
Marriott will implement a wide-ranging security program that includes expanded employee training, the collection and retention of less consumer information, and new security requirements for consumer data. It will need to “further assess” new security programs and plan for gaps during integration in the event of future acquisitions. The company must also undergo a third-party security assessment every two years for a 20-year period.
