Security Experts:

Connect with us

Hi, what are you looking for?



Class Action Lawsuit Filed Against Marriott Over New Data Breach

Law firm Morgan & Morgan announced on Thursday that it has filed a class action lawsuit against Marriott over the recently disclosed data breach that has impacted as many as 5.2 million individuals.

Law firm Morgan & Morgan announced on Thursday that it has filed a class action lawsuit against Marriott over the recently disclosed data breach that has impacted as many as 5.2 million individuals.

The complaint filed by Morgan & Morgan in the District of Maryland accuses Marriott of negligence, breach of contract, breach of confidence, and deceptive and unfair trade practices.

Marriott has been accused of “failing to take adequate and reasonable measures to ensure their data systems were protected against unauthorized intrusions; failing to disclose that it did not have adequately robust computer systems and security practices to safeguard guest PII; failing to take standard and reasonably available steps to prevent the Data Breach; failing to monitor and timely detect the Data Breach; and failing to provide Plaintiff and Class Members with prompt and accurate notice of the Data Breach.”

Marriott revealed on Tuesday that someone may have stolen information on up to 5.2 million guests after accessing an internal application using the credentials of two employees at a franchise property. The app in question is used by corporate-owned and franchised hotels to provide services to guests.

The investigation into the incident has so far revealed that the unauthorized access likely started in mid-January. The breach was discovered at the end of February.

Various types of information were exposed, including name, mailing address, email address, phone number, loyalty account number and point balance, company name, gender, birth day and month, information on the customer’s preferences, and details on partnerships and affiliations. However, not every piece of information was present for each affected guest.

Marriott believes Bonvoy account passwords or PINs, passport information, payment card information, national IDs or driver’s license numbers have not been compromised. However, Bonvoy passwords have been reset and impacted guests have been offered identity protection services free of charge for one year.

This breach is relatively small compared to the incident disclosed by Marriott in November 2018, which impacted roughly 383 million people who had stayed at Starwood hotel properties. A class action lawsuit has been filed against Marriott over this older breach as well and a federal judge recently allowed the case to proceed.

“These large companies know the risk posed by cyber criminals and continue to be cavalier with their customers’ personal information. It’s stunning that Marriott, which is already defending a significant data breach, we allege, would not have taken more care to secure its customers’ information. The fact that this breach comes less than two years after the first one we know about is damning, and they must be held accountable,” Morgan & Morgan attorneys John Morgan and John Yanchunis said in a joint statement.

“When guests stay at hotels, they trust the hotel will provide adequate security – both physical and the protection of their private information. It appears that the trust millions of people placed in Marriott was violated – again,” they added.

Related: French Consumer Group Launches Class Action Against Google

Related: Lawsuits Filed Against Intel Over CPU Vulnerabilities

Related: AMD, Apple Sued Over CPU Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...