Inntopia Data Breach Affected Nearly 18K Consumers, Class Action Says

New to ClassAction.org? Read our Newswire Disclaimer

Inntopia has been hit with a proposed class action over an October 2021 cyberattack that supposedly compromised the sensitive information of nearly 18,000 consumers.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 31-page suit against Sterling Valley Systems Inc., who as Inntopia provides software, e-commerce solutions, marketing and analytics and hotel booking services to the hospitality industry, claims that the company stored consumers’ personal information in a “reckless manner.” In particular, the case says, the information was kept on Inntopia’s network “in a condition vulnerable to cyberattacks of this type.” 

The data breach compromised the information of at least 17,952 people, the complaint says. Per the suit, the incident began on or around October 9, 2021 and was discovered by Inntopia on or around February 18, 2022. 

Information stolen in the data breach included consumers’ payment card numbers, the filing states. 

According to the lawsuit, the mechanism with which the cyberattack was executed was a known and foreseeable risk to Inntopia, and the company was on notice that consumers’ personal information was housed in a dangerous condition. Further, the case accuses Inntopia and its employees of failing to properly monitor its computer systems, which may have enabled the incident to be discovered sooner, per the suit. 

“Defendant certainly was aware of the risks associated with collecting and maintaining the [personally identifiable information] of consumers, and similarly was aware that data breaches associated with the travel industry were growing in frequency and that the consequences were severe,” the lawsuit states. 

The case says that Inntopia sent to customers around May 2022 a notice that stated the company had detected in February an intrusion into its systems that began last October. The plaintiff, an Alameda County, California resident who used Inntopia’s booking services through Whistler Resort, claims to have received a fraud alert about his Chase credit card shortly after the intrusion into the defendant’s system.

The case looks to cover all individuals whose personally identifiable information was compromised in the data breach discovered by Sterling Valley Systems (Inntopia) on or about February 18, 2022. 

Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.