WHEN YOU ARE A DAVID WHO NEEDS TO TAKE ON A GOLIATH
CLICK HERE FOR A FREE TIP EVALUATION 100% anonymous and confidential
As seen on
Posted by Meissner Associates

Did Marriott Violate SEC Cybersecurity Disclosure Standards?

The U.S. Securities and Exchange Commission (SEC) is responsible for overseeing the rules and regulations regarding the financial markets and securities world. When a corporation is found to have engaged in fraudulent activities, the SEC can open an investigation and take action against the violating company.

Recently, Marriott International, a hotel corporation with offices located around the world, announced a data breach in their reservation system that could have exposed the personal information of approximately 500 million individuals over the past four years.

Below, we discuss the Marriott hacking scandal in further details, and we explore whether Marriott was in violation of the SEC’s cybersecurity disclosure standards.

The Marriott Hacking Scandal

In 2016, Marriott International acquired Starwood as one of its subsidiary hotels. Then, in September 2018, one of Marriott’s internal security tools discovered a possible breach in the U.S. guest database.

Once Marriott discovered that guest information may have been compromised, they opened an investigation to determine the details of the breach and what information had been stolen.

Their investigation uncovered that a hacker copied guest information from the database and encrypted it. From there, Marriott worked diligently to decrypt the information and find out which guest information had been stolen.

The question of whether Marriott violated the SEC’s cybersecurity disclosure standards comes into play when the company failed to mention the data breach when it filed its recent quarterly report to the SEC—only described certain cyber risk factors that Marriott might be facing.

SEC Cybersecurity Risks and Disclosure

Currently, there is no specific law that requires corporations to disclose these types of hacking incidents. As such, Marriott did not violate the cybersecurity disclosure standards as they are currently written. However, that doesn’t mean that companies shouldn’t be obligated to disclose these hacks and cybersecurity risks.

Failure to report and inform these breaches in data puts guests and investors at risk, particularly if the corporation provides false or misleading information to investors and the public.

Marriott can be further scrutinized due to the fact that the data breach in question was found to have been ongoing within Starwood since 2014, but was not discovered until two years after Marriott acquired its subsidiary.

The SEC is likely to make their standards for cybersecurity disclosures more clear, as the vague nature of the guidelines opens the door for other corporations who have been hacked or face cybersecurity breaches to not disclose these breaches to their investors and impacted consumers.

Get Help from a SEC Whistleblower Lawyer

As can be seen, the cybersecurity disclosure standards of the SEC are a cause for concern, and if you believe that you have information regarding a possible violation of these standards, you can work with an SEC whistleblower lawyer at Meissner Associates to report your tip and possibly win a reward for your efforts.

You can schedule your confidential tip assessment today by giving our office a call at 1-866-764-3100 or by completing the secure contact form we have provided at the bottom of this page.

SEC WHISTLEBLOWER TIP INFORMATION
[]
1 Step 1

SEC Whistelblower Tip Information

First Namerequired
Last Nameoptional
Phone Numbertelephone number
Address Line 1street address
Address Line 2street address
Citystreet address
Statestreet address
Zipcodestreet address
Countrystreet address
HAS YOUR TIP BEEN SUBMITTED TO ANY REGULATORY BODY, SUCH AS THE SEC, PRIOR TO THIS FORM?pick one!
IF YOU ARE / WERE AN EMPLOYEE OF THE SUBJECT COMPANY, WAS THIS REPORTED INTERNALLY?pick one!
PLEASE CHOOSE THE OPTION BELOW THAT BEST REPRESENTS YOUpick one!

IF YOUR TIP HAS ALREADY BEEN SUBMITTED ELSEWHERE, PLEASE SPECIFY WHICH REGULATORY BODY ( LIST ALL ) YOU HAVE SUBMITTED YOUR CASE TO BELOW.

more details
0 /
Other Informationmore details
0 /

Please Note Before Submission:

The Meissner firm is very sensitive about the confidential nature of Whistleblower submissions and client concerns regarding such. The above information shall be maintained in strict confidence and shall only be reviewed by Mr. Meissner and his associates, who are required to maintain all client information in strict confidence -- if you would rather exchange this information via telephone, please feel free to call us at (212) 764-3100 or ​(866) 764-3100

Previous
Next
powered by FormCraft