Class action filing is the largest to date against embattled hotel company
Greenbelt, Md. – January 10, 2019 – National class action law firms DiCello Levitt ; Hausfeld; Cohen Milstein Sellers & Toll; Cohen & Gresser; and Kramon & Graham have teamed up to file the nation’s largest class action complaint against Marriott (NASDAQ: MAR) following a massive, long-running data breach at the company. With 176 Plaintiffs from all fifty states, the District of Columbia, Puerto Rico, and the Virgin Islands, this landmark court filing comes on the heels of Marriott’s recent admission that approximately 5.25 million unencrypted passport numbers and 20.3 million encrypted passport numbers were among the sensitive customer records accessed by hackers. By the hotel chain’s own acknowledgement, the breach compromised the personal information of nearly 400 million customers who made reservations at Starwood-branded hotels, which Marriott acquired in 2016, making it one of the largest data breaches in the country’s history.
The consumers filed their lawsuit in the United States District Court for the Southern District of Maryland on Wednesday January 9, 2019, and allege that Starwood, and later Marriott, took more than four years to discover the breach and then failed to notify its customers in a timely manner. Marriott became the world’s largest hotel chain when it acquired Starwood.
“It is difficult to comprehend how Marriott did not discover a data breach of this size during the course of its due diligence efforts in conjunction with its 2016 Starwood acquisition,” said Amy Keller, a partner with DiCello Levitt , who also serves as Co-Lead Counsel in the nationwide class action against Equifax related to its 2017 data breach. “Marriott has completely failed its customers and it is disingenuous for the company to attempt to downplay the seriousness of this breach.” Co-counsel James Pizzirusso of Hausfeld, who is also a Plaintiffs’ Steering Committee member in the Equifax case, added that, “Our clients have instances of documented fraud that we allege are tied to the breach and Marriott’s empty promise to replace passports for only a select few customers rings hollow.”
Beginning in 2014 and possibly earlier, and continuing through November 2018, hackers exploited vulnerabilities in Starwood’s network to access the guest reservation system and steal customer data. Marriott discovered the breach on September 8, 2018 but failed to publicly disclose it until nearly three months later, on November 30, 2018, when it admitted that there had been unauthorized access to the Starwood guest reservation database. This database contained personal customer information, including names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood Preferred Guest (SPG) account information, date of birth, gender, arrival and departure information, reservation dates, and communication preferences. For some customers, the information also included payment card numbers and payment card expiration dates.
“Marriott’s post-breach response plan was wholly inadequate, and we intend to hold the company accountable for its failings,” said Andrew Friedman of Cohen Milstein. “Marriott’s latest revelation that millions of customer passport numbers were unencrypted boggles the mind and is an unprecedented lapse in cybersecurity for such a large customer service business.”
The complaint, filed in U.S. District Court for the District of Maryland, Southern Division, is Vetter, et al. v. Marriott International, Inc., No. 19-cv-00094 (D. Md.). A copy of the complaint is available upon request.
If you believe that you have been affected by the Marriott data breach, attorneys are eager to speak with you about the ongoing litigation and how to protect your rights. Call (440) 953-8888 to speak with one of our attorneys or fill out our online survey here and someone will contact you.