Marriott International has agreed to pay $52 million and implement enhanced cybersecurity measures to settle charges with the Federal Trade Commission (FTC) and 49 states plus Washington, D.C., over multiple data breaches that occurred from 2014 to 2020. The FTC announced that Marriott and its subsidiary, Starwood Hotels & Resorts Worldwide, will establish a comprehensive information security program, overhaul their data security practices, and share these practices with the FTC for the next 20 years. The company is also required to delete customer information when it is no longer necessary to retain it. The breaches, which exposed personal information of more than 300 million customers worldwide, included two incidents at Starwood prior to Marriott's $13 billion acquisition of the company in 2016. Marriott will provide U.S. customers with a method to request deletion of personal information associated with their email addresses. The company has denied any wrongdoing.