The U.S. Federal Trade Commission (FTC) has ordered hotel operator Marriott International to implement “robust” changes to its data security program in order to resolve state and federal claims related to multiple data breaches.
Marriott also agreed to pay a $52 million fine to 49 states and the District of Columbia to resolve similar data security allegations.
Three large data breaches occurred at Marriott and its subsidiary, Starwood Hotels and Resorts Worldwide, from 2014 to 2020, impacting more than 344 million customers worldwide, the FTC said in a statement on Wednesday.
The data breaches happened owing to the companies’ “failure to implement reasonable data security,” the commission said….