Marriott International has agreed to a $52 million settlement with 49 U.S. states and the District of Columbia over a data breach that compromised the personal information of millions of guests. The settlement resolves a lawsuit stemming from a massive four-year-long breach of Marriott’s Starwood system, which exposed more than 131 million guest records between 2014 and 2018.
The data breach, which began before Marriott acquired Starwood in 2016, affected sensitive information including names, email addresses, phone numbers, and passport details of guests worldwide. The lawsuit alleged that Marriott failed to properly secure its systems and follow its own data protection protocols after the acquisition. State attorneys general involved in the case argued that had Marriott taken appropriate steps to secure the Starwood database, the breach could have been prevented.
Marriott has not admitted wrongdoing but has agreed to the financial settlement to resolve claims and improve its data security practices moving forward. The settlement includes provisions that require Marriott to implement stronger cybersecurity measures, enhance monitoring of its systems, and provide regular updates on its compliance with state data protection laws.
State officials emphasized that this settlement serves as a reminder to corporations about the importance of safeguarding customer information. Maryland Attorney General Anthony Brown stated, “Consumers trust companies with their personal data, and when that trust is broken, there are consequences. This settlement ensures that Marriott is held accountable and that stronger security measures are in place to prevent future breaches.”
Marriott, which is headquartered in Bethesda, Maryland, has already faced significant fallout from the data breach, including lawsuits from consumers and fines from regulatory bodies in other countries. The hotel chain has been working to repair its reputation and assure customers that their data is secure.
The settlement funds will be distributed to the states involved, and Marriott is expected to continue cooperating with regulators as it strengthens its data security policies. Meanwhile, affected consumers have been advised to monitor their credit and personal accounts for any signs of fraud or identity theft.
