Connect with us

Hi, what are you looking for?



Class Action Lawsuit Filed Against Marriott Over New Data Breach

Law firm Morgan & Morgan announced on Thursday that it has filed a class action lawsuit against Marriott over the recently disclosed data breach that has impacted as many as 5.2 million individuals.

Law firm Morgan & Morgan announced on Thursday that it has filed a class action lawsuit against Marriott over the recently disclosed data breach that has impacted as many as 5.2 million individuals.

The complaint filed by Morgan & Morgan in the District of Maryland accuses Marriott of negligence, breach of contract, breach of confidence, and deceptive and unfair trade practices.

Marriott has been accused of “failing to take adequate and reasonable measures to ensure their data systems were protected against unauthorized intrusions; failing to disclose that it did not have adequately robust computer systems and security practices to safeguard guest PII; failing to take standard and reasonably available steps to prevent the Data Breach; failing to monitor and timely detect the Data Breach; and failing to provide Plaintiff and Class Members with prompt and accurate notice of the Data Breach.”

Marriott revealed on Tuesday that someone may have stolen information on up to 5.2 million guests after accessing an internal application using the credentials of two employees at a franchise property. The app in question is used by corporate-owned and franchised hotels to provide services to guests.

The investigation into the incident has so far revealed that the unauthorized access likely started in mid-January. The breach was discovered at the end of February.

Various types of information were exposed, including name, mailing address, email address, phone number, loyalty account number and point balance, company name, gender, birth day and month, information on the customer’s preferences, and details on partnerships and affiliations. However, not every piece of information was present for each affected guest.

Marriott believes Bonvoy account passwords or PINs, passport information, payment card information, national IDs or driver’s license numbers have not been compromised. However, Bonvoy passwords have been reset and impacted guests have been offered identity protection services free of charge for one year.

Advertisement. Scroll to continue reading.

This breach is relatively small compared to the incident disclosed by Marriott in November 2018, which impacted roughly 383 million people who had stayed at Starwood hotel properties. A class action lawsuit has been filed against Marriott over this older breach as well and a federal judge recently allowed the case to proceed.

“These large companies know the risk posed by cyber criminals and continue to be cavalier with their customers’ personal information. It’s stunning that Marriott, which is already defending a significant data breach, we allege, would not have taken more care to secure its customers’ information. The fact that this breach comes less than two years after the first one we know about is damning, and they must be held accountable,” Morgan & Morgan attorneys John Morgan and John Yanchunis said in a joint statement.

“When guests stay at hotels, they trust the hotel will provide adequate security – both physical and the protection of their private information. It appears that the trust millions of people placed in Marriott was violated – again,” they added.

Related: French Consumer Group Launches Class Action Against Google

Related: Lawsuits Filed Against Intel Over CPU Vulnerabilities

Related: AMD, Apple Sued Over CPU Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.