Marriott Faces Sprawling Class-Action Lawsuit Over Hotel Reservation Data Breach

Illustration for article titled Marriott Faces Sprawling Class-Action Lawsuit Over Hotel Reservation Data Breach
Photo: Getty / Scott Olsen

Marriott, the world’s largest hotel chain operator, has been slapped with a class-action lawsuit over the data breach now believed to affect more than 300 million people. The suit, brought by more than 150 past hotel guests, according to Vox, is at least the second to surface since the breach was disclosed in late November.

Advertisement

Filed in Maryland federal district court on January 9, the massive suit includes plaintiffs in dozens of states where it alleges laws were violated. It accused Marriott of involvement in “deceptive, unconscionable, and substantially injurious practices.” In addition to seeking compensatory damages and other forms of relief deemed appropriate by the court, the suit seeks an injunctive relief to prohibit Marriott from “continuing to engage” in “unlawful acts, omissions, and practices...”

The plaintiffs are represented by five law firms: DiCello Levitt & Casey LLC; Hausfeld LLP; Cohen Milstein Sellers & Toll PLLC; Cohen & Gresser LLP; and Kramon & Graham PA.

Advertisement

Marriott declined to comment.

In its most recent update on January 4, Marriott International said the personal information of fewer than 383 million former guests may have been accessed without authorization. The company has yet to provide any details regarding the cause of the breach, but it said roughly 345,000 unexpired payment cards stored in its database may also be compromised. The initial intrusion is said to date back to 2014.

The breach of Marriott’s Starwood reservation system is one of the largest in recent history, potentially dwarfing the 2017 Equifax incident by more than a hundred million victims. The hotel chain operates over 6,700 properties in nearly 130 countries and territories, according to the company.

Marriott’s disclosure, as is customary now after a breach of this magnitude, prompted renewed calls for Washington lawmakers to address the need for a national data privacy law, something Democrats have said is a top priority in 2019 following the party’s takeover of the House of Representatives.

Advertisement

Marriott was previously sued in Maryland by a separate law firm, Morgan & Morgan, in late November. John Yanchunis, an attorney for the firm, told Gizmodo it was both “shocking and horrifying” that it took years for the company to detect the breach.

“Large, sophisticated companies like Marriott are not blind to the risks posed by cyber criminals, who are constantly attempting to infiltrate corporations that store sensitive consumer information,” he said.

Advertisement

Senior Reporter, Privacy & Security

Share This Story

Get our newsletter

DISCUSSION

lawyerinspace
SpaceLawyer

I’ve said this on Gizmodo before, I hope Marriott pays out a massive sum for this breach. As someone who spent more than 90 nights sleeping in SPG and Marriott hotels last year—never mind the 5 years before that—all of my information has likely been compromised.

And I haven’t received a single communication from the hotel chain about my account or security. This is not how you treat loyal, platinum members.