Bleeping Computer®
The Federal Trade Commission (FTC) has ordered Marriott International and Starwood Hotels to define and implement a robust customer data security scheme following failures that led to massive data breaches.
FTC orders Marriott and Starwood to implement strict data security
By Bill Toulas, December 23, 2024, 01:43 PM

Now, the FTC has ordered Marriott and its subsidiary, Starwood, to establish a security program that would safeguard the clients’ sensitive data from hackers and provide them better control over their data.
According to the published order, the following key measures need to be taken:
- Establish, implement, and maintain a comprehensive information security program that encompasses encryption, access controls, multi-factor authentication, vulnerability management, and incident response plans
- Marriott must maintain policies to retain personal information only as long as reasonably necessary for its purposes, and include a link on its website for U.S. consumers to request deletion of their personal information
- Implement logging and monitoring of IT assets to detect anomalous activities and security events within 24 hours
- Conduct independent, biennial assessments of the information security program for 20 years and report to the FTC any identified gaps addressed
- Provide a method for U.S. consumers to review suspected unauthorized activity in their loyalty rewards accounts and restore those points in cases of a breach
- Inform the FTC within 10 days of any required notifications to governmental entities about security breaches
The FTC order mandates that Marriott and Starwood implement the required comprehensive information security program and related measures within 180 days from the date the order takes effect, which is December 20, 2024, setting a deadline of June 17, 2025.