What was the outcome of the U.S. investigations into the Data Security Incident involving Delta Hotels By Marriott?
Delta_Hotels_By_Marriott Franchise · 2025 FDDAnswer from 2025 FDD Document
Attorneys General from all 50 U.S. states and the District of Columbia (the "AGs"), the Federal Trade Commission, and certain committees of the U.S. Senate and House of Representatives have made inquiries, opened investigations, or requested information and/or documents relating to the Data Security Incident and associated matters. On October 9, 2024, MII announced that it had reached final resolutions with the Federal Trade Commission and AGs from 49 states and the District of Columbia relating to the Data Security Incident. The resolution with the AGs includes an agreement to pay a total of $52 million to be divided among the participating AGs. Those payments have been made. MII also agreed to continue implementing enhancements to its data privacy and information security programs, many of which are already in place or in progress. As indicated in the agreements with the FTC and the AGs, MII has made no admission of liability with respect to the underlying allegations.
Source: Item 2 — BUSINESS EXPERIENCE (FDD pages 20–33)
What This Means (2025 FDD)
According to the 2025 FDD, Delta Hotels By Marriott faced inquiries and investigations from various U.S. authorities, including Attorneys General from all 50 states and the District of Columbia, the Federal Trade Commission, and certain committees of the U.S. Senate and House of Representatives, following a Data Security Incident. These investigations pertained to the data security incident and associated matters.
Ultimately, Delta Hotels By Marriott reached final resolutions with the Federal Trade Commission and Attorneys General from 49 states and the District of Columbia on October 9, 2024. As part of the resolution with the Attorneys General, Delta Hotels By Marriott agreed to pay a total of $52 million, which has already been distributed among the participating Attorneys General. Additionally, Delta Hotels By Marriott committed to continue enhancing its data privacy and information security programs, with many of these enhancements already in place or in progress.
The agreements with the FTC and the Attorneys General explicitly state that Delta Hotels By Marriott made no admission of liability regarding the underlying allegations. This resolution concludes the U.S. investigations into the Data Security Incident, allowing Delta Hotels By Marriott to move forward with its enhanced data protection measures without admitting fault.