The Garden State is set to receive more than $1 million under a settlement agreement announced Wednesday in which the hotel giant Marriott and a subsidiary agreed to pay more than $50 million to resolve claims stemming from two data breaches.

In a press release, New Jersey Attorney General Matthew Platkin announced that the state will receive $1.3 million from the $52 million settlement that Marriott International and its subsidiary Starwood Hotels & Resorts Worldwide recently entered into.

"This settlement is another example of how New Jersey and other states are working together to hold corporations accountable for their failures to safeguard customer data," Platkin in the press release. "Together, we are requiring companies to treat consumer data as carefully as they do their other assets."

Along with the settlement, the Federal Trade Commission also on Wednesday ordered Marriott and Starwood to implement a "comprehensive information security program" after the hotel giant suffered three major data breaches from 2014 to 2020 that exposed the personal information of 344 million customers worldwide.

In the separate settlement, which involved with all 50 state attorneys general, Marriott agreed to pay $52 million in penalties in connection with two of the breaches, which ran from 2014 to 2018 and exposed 131 million Starwood guest records.

The enforcement actions highlight the cybersecurity risks companies face when they make large acquisitions, and serve as a stark reminder not to let inherited vulnerabilities go unnoticed. Two of the three breaches occurred at Starwood and began before Marriott bought the lodging rival for $13 billion in 2016, with one going undetected for 14 months and the other going undetected until 2018.

In connection with the FTC settlement, the agency released a complaint and consent order alleging that Marriott misled customers by claiming to have appropriate data security measures in place while, in reality, the hotel chain did not. In fact, Marriott and Starwood failed to implement proper password controls, access controls or firewall protections, and also neglected to patch outdated software, properly log and monitor their network environments, and use adequate multifactor authentication, according to the FTC.

"Marriott's poor security practices led to multiple breaches affecting hundreds of millions of customers," Samuel Levine, director of the FTC's Bureau of Consumer Protection, said in a statement Wednesday. "The FTC's action today, in coordination with our state partners, will ensure that Marriott improves its data security practices in hotels around the globe."

As part of the FTC settlement, Marriott and Starwood must:

Accurately represent how they handle and protect personal information.

• Limit how long they keep personal data to only what is necessary and explain why the information is collected and retained.

• Create and maintain a comprehensive information security program, and certify compliance to the FTC every year for the next 20 years.

• Offer a way for customers to review unauthorized activity in loyalty accounts and return any stolen points.

• Provide a link for customers to request deletion of their personal information.

In a statement, Marriott said that it has already started improving its data privacy and security programs. It is now offering U.S. customers a way to request that their personal information be deleted, providing an online portal for Marriott Bonvoy members to report suspicious activity in their loyalty accounts, and rolling out a multifactor authentication option for Marriott Bonvoy accounts.

"Protecting guests' personal data remains a top priority for Marriott," the company said. "These resolutions reaffirm the company's continued focus on and significant investments in maintaining and adapting its programs and systems to assess, identify, and manage risks from evolving cybersecurity threats."

The FTC and states said they worked jointly on the probe. The FTC said its settlement does not include a civil penalty because it lacks the legal authority to obtain one in this case.