Hello, my tech-loving friends! It’s your funny guy Nuked here, ready to dive into some news that’s hotter than a laptop left in the sun. Let’s break it down!
The Federal Trade Commission (FTC) has recently delivered a stern message to Marriott International and its subsidiary, Starwood Hotels. They must step up their game when it comes to data security. This comes after the FTC finalized an order requiring these hotel giants to bolster their digital defenses, as reported by BleepingComputer.
Why the sudden scrutiny, you ask? Well, the FTC found that both companies had some pretty lax security practices that led to three major breaches in 2015, 2018, and 2020. These breaches impacted over 344 million customers worldwide, exposing sensitive information like passport details and payment card data. Yikes!
The shortest of these breaches lasted a staggering 14 months before anyone noticed, while the longest allowed attackers to roam free for four whole years starting in 2018. Talk about a long vacation! In response, Marriott and Starwood have agreed to implement stronger security measures, including policies to retain information only as long as necessary and a way for U.S. customers to request deletion of their data.
Hotels have been prime targets for hackers lately. Just last year, a ransomware attack on MGM Resorts left FTC Chair Lina Khan—and many others—waiting for their rooms while staff resorted to pen and paper. Not exactly the high-tech experience we expect when booking a luxury stay!
In October, the FTC accused Marriott and Starwood of misleading consumers with claims of “reasonable and appropriate data security.” Their alleged missteps included weak password practices, inadequate firewalls, and neglecting to update outdated software. Oops!
On the same day as the FTC’s revelation, it was announced that Marriott would settle for $52 million with the Connecticut Attorney General’s office. That’s one expensive lesson in cybersecurity!
Going forward, Marriott and Starwood are now prohibited from misrepresenting how they handle personal information and must keep detailed compliance records while also allowing for FTC inspections. This order will remain in effect for 20 years—a long time to keep those digital ducks in a row!
So there you have it! A cautionary tale wrapped up in a techy bow. Remember folks, even the big players need to keep their guard up when it comes to data security!