Recently, Congresswoman Erin Houchin (IN-9) and Congressman Josh Gottheimer (NJ-5) introduced the Task Force to End Financial Abuse Act, a bipartisan effort to address the growing issue of coerced debt and financial exploitation. The proposed task force aims to develop a comprehensive approach to combat financial abuse, protect victims, and prevent future incidents.

 

Coerced debt occurs when one individual in an abusive relationship accumulates debt in their partner's name without their knowledge or consent. This form of financial abuse can leave victims trapped with ruined credit, overwhelming debt, and limited financial options, even after escaping an abusive situation.

 

"Addressing coerced debt requires a coordinated effort that goes beyond just tackling financial exploitation; it touches on abuse, consumer protection, and the ability to live free from financial control," said Congresswoman Houchin. "The Task Force to End Financial Abuse Act will provide a roadmap to better understand the scope of this problem and develop real solutions to help victims break free and rebuild their lives."

 

“Far too many survivors are trapped in abusive relationships where their spouse or significant other has run up the bills on credit cards or auto loans – often without their knowledge. As a result, they face destroyed credit, substantial payment expectations, debt collection, and even, bankruptcy. Financial abuse is often the last chain that binds a survivor to their abuser. This new Interagency Task Force on Financial Abuse will bring together relevant federal agencies and external stakeholders to address this crisis head on,” said Congressman Gottheimer. “When we protect survivors from financial abuse, we don’t just restore their credit — we restore their freedom and their future.”

 

The Task Force to End Financial Abuse Act represents a critical step toward breaking the cycle of financial control that affects so many victims of domestic abuse. Congresswoman Houchin and Congressman Gottheimer are committed to advancing this legislation, ensuring that survivors have the support they need and preventing future financial abuse.

 

Indiana Attorney General Todd Rokita announced today that a coalition of 50 attorneys general has reached a settlement with Marriott International Inc., the result of a multi-year investigation into a massive data breach which targeted one of its guest reservation databases. 

Under the settlement with the attorneys general, Marriott has agreed to strengthen its data security practices using a dynamic risk-based approach, to provide certain consumer protections, and to make a $52 million payment to states. 

Indiana will receive over $900,000 from the settlement.

“Protecting Hoosiers’ personal data, whether they are checking into a hotel or just checking out potential travel plans, is an important priority of our office,” Attorney General Rokita said. “That’swhy we hold corporations accountable for responsibly handling consumers’ information. This settlement shows once again our resolve to make sure corporations are vigilant in following security protocols.”

The Federal Trade Commission, which has coordinated closely with the states throughout this investigation, has reached a parallel settlement with Marriott.

Marriott acquired Starwood in 2016 and took control of the Starwood computer network in 2016.  However, from July 2014 until September 2018, intruders in the system went undetected. This led to the breach of 131.5 million guest records pertaining to customers in the United States. The impacted records included contact information, gender, dates of birth, legacy Starwood Preferred Guest information, reservation information, and hotel stay preferences, as well as a limited number of unencrypted passport numbers and unexpired payment card information.

Shortly after the breach of the Starwood database was announced, a coalition of 50 attorneys general launched a multi-state investigation into the breach. Today’s settlement resolves allegations by the attorneys general that Marriott violated state consumer protection laws, personal information protection laws, and, where applicable, breach notification laws by failing to implementreasonable data security and remediate data security deficiencies, particularly when attempting to use and integrate Starwood into its systems.

Under the terms of the settlement, Marriott has agreed to strengthen and continually improve its cybersecurity practices. Some of the specific measures include:

• Implementation of a comprehensive Information Security Program. This includes new overarching security program mandates, such as incorporating zero-trust principles, regular security reporting to the highest levels within the company, including the Chief Executive Officer, and enhanced employee training on data handling and security.

• Data minimization and disposal requirements, which will lead to less consumer data being collected and retained.

• Specific security requirements with respect to consumer data, including component hardening, conducting an asset inventory, encryption, segmentation to limit an intruder’s ability to move across a system, patch management to ensure that critical security patches are applied in a timely manner, intrusion detection, user access controls, and logging and monitoring to keep track of movement of files and users within the network. 

• Increased vendor and franchisee oversight, with a special emphasis on risk assessments for “Critical IT Vendors,” and clearly outlined contracts with cloud providers.

• In the future, if Marriott acquires another entity, it must timely further assess the acquired entity’s information security program and develop plans to address identified gaps or deficiencies in security as part of the integration into Marriott’s network.

• An independent third-party assessment of Marriott’s information security program every two years for a period of 20 years for additional security oversight.

As part of the settlement, Marriott will give consumers specific protections, including a data deletion option, even if consumers do not currently have that right under state law. Marriott must offer multi-factor authentication to consumers for their loyalty rewards accounts, such as Marriott Bonvoy, as well as reviews of those accounts if there is suspicious activity.