TRENTON, NJ – A coalition of 50 Attorneys General has secured a $52 million settlement with Marriott International, Inc. after investigations into two significant information security breaches, including a major data breach involving Starwood Hotels and Resorts. New Jersey will receive over $1.3 million as part of the settlement. The Federal Trade Commission has also reached a parallel settlement with Marriott.
Attorney General Matthew J. Platkin highlighted the cooperation among states in holding corporations accountable for safeguarding consumer data. Cari Fais, Acting Director of the Division of Consumer Affairs, expressed satisfaction that Marriott will enhance its processes as part of the settlement. The violations include breaches of data protection and consumer fraud laws, specifically in inadequate cybersecurity measures.
The first incident began in 2014 with malware infiltration in Starwood’s database, which Marriott acquired in 2016. The breach involved unauthorized access to sensitive records over four years, impacting over 131.5 million Americans, including more than 4.3 million residents of New Jersey. Failures in Marriott’s security systems were later identified.
A second breach occurred when intruders accessed Marriott’s network by compromising a franchised property’s employee credentials.
