The Federal Trade Commission (FTC) has finalized an order requiring Marriott International, Inc. and its subsidiary, Starwood Hotels & Resorts Worldwide LLC, to implement stringent data security

As a result, its estimated hackers had access to Marriott systems for up to four years, and these breaches landed the firm with a $52 million penalty by the FTC earlier this year, as the FTC argued the firm tried to hide the breaches, and “deceived consumers by claiming to have reasonable and appropriate data security.”

The beefed-up security programs they've agreed to establish include creating policies to only keep information for as long as it’s needed and publishing a link allowing US customers to request the deletion of information tied to their email address or loyalty account.

The U.S. Federal Trade Commission has finalized an order requiring Marriott International Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC to implement a comprehensive information security program to settle charges following multiple hacks of the hotel group that led to the theft of details of 344 million customers globally.

The Federal Trade Commission (FTC) has ordered Marriott International and Starwood Hotels to define and implement a robust customer data security scheme following failures that led to massive data breaches.

The Federal Trade Commission (FTC) has responded to a series of massive Marriott and Starwood data breaches, ordering the

Marriott and Starwood Hotels & Resorts must implement a “comprehensive information security program” to settle charges filed in the US after three large data breaches. The hospitality group has to appoint someone to lead the program, provide regular governance reports, and track and document the program at regular intervals as it is implemented.