1 Comment

Having worked with Marriott prior to the Starwood acquisition, Marriott had all of the requisite policies and procedures the FTC is asking for and I know they were working because that is what we were asked to assess.

When the Starwood breach occurred, Marriott had just acquired them and was in the middle of bringing them into their environment but was not even close to integrating them. It was an open secret in the industry that Starwood's IT environment was garbage from a security and technology standpoint so no one was terribly surprised when they were breached.

However, it was made very, very clear from the start that it was Starwood's environment that had suffered the breach, not Marriott. In fact Marriott made sure to communicate with its Loyalty members (of which I am one) that their information in Marriott's possession was secure. However, those of us with Starwood accounts (I was also one) were forced to get new credentials until Marriott integrated them a few months later.

Expand full comment