Marriott's Ongoing Security Struggles: New Data Breaches and a $52M FTC Fine

Marriott International has recently faced several major security incidents, highlighting persistent vulnerabilities in the protection of customer data. Here’s a detailed overview of the recent events:

1. Data Breach at Otelier (July 2024)In July 2024, Otelier, a hotel management platform used by more than 10,000 hotels worldwide, suffered a significant cyberattack. The attackers managed to access nearly 8 terabytes of sensitive data, compromising personal information of millions of clients from major hotel chains, including Marriott, Hilton, and Hyatt. Exposed data included clients' names, addresses, phone numbers, and email addresses.

2. $52 Million Fine by the FTC (October 2024)In October 2024, the U.S. Federal Trade Commission (FTC) announced that Marriott International and its subsidiary Starwood Hotels & Resorts Worldwide were required to implement an information security program to settle charges related to multiple data breaches occurring between 2014 and 2020, affecting more than 344 million customers. Marriott agreed to a $52 million fine to resolve similar allegations with 49 states and the District of Columbia.

3. New Data Breach (December 2024)In December 2024, Marriott announced a new data breach following a cyberattack targeting its computer systems. Although most of the stolen data related to non-sensitive internal business files, some credit card information was also compromised. This breach affected approximately 300 to 400 individuals, mainly customers and staff of the BWI Airport Marriott in Baltimore.

   
   

These incidents underscore the critical need for companies, particularly in the hospitality sector, to strengthen their cybersecurity measures in order to protect sensitive customer data and maintain public trust.