Class Action Over Marriott Data Breach Filed in Connecticut

New to ClassAction.org? Read our Newswire Disclaimer

The latest case in an ongoing stream of proposed class actions filed against Marriott International, Inc. centers on the hotel chain’s alleged negligence believed to be responsible for a years-long data breach during which highly sensitive information for approximately 500 million guests was exposed to hackers.

The lawsuit was filed in Connecticut, where Marriott and co-defendant Starwood Hotels & Resorts Worldwide LLC are headquartered, by a California resident. According to the suit, undetected hackers had access to private information logged in Marriott’s Starwood guest database, including names, addresses, and passport and payment card numbers, from at least 2014 through September 2018. It wasn’t until November 30, the case notes, that Marriott informed proposed class members of the cyber security incident.

The defendants’ “lax approach” to security was to blame for the breach, the lawsuit claims, pointing out that the companies supposedly failed to abide by federal guidelines and industry data protection standards. According to the complaint, these standard practices supposedly ignored by the defendants include not storing cardholder data for longer than necessary, properly disposing of private information that is no longer needed, and encrypting card data in point-of-sale systems. The suit charges that the defendants’ inadequate database security resulted in “obvious red flags” being missed. With proper monitoring, the complaint says, intruders could have been detected earlier and the damage of the four-year breach would have been significantly minimized.

“As a result of the Defendants’ data breach, Plaintiff and the Class are required to cancel payment cards, change or close accounts, investigate fraudulent activity, and take other steps to protect themselves in an effort to reduce the risk of future, but certainly impending, identity theft, loan fraud, and other fraudulent transactions,” the complaint reads.

The lawsuit seeks to represent a national class and a California subclass consisting of individuals who provided their personal information to Starwood’s guest reservation system and whose data was accessed or stolen in the breach.